From: Andreas Metzler Date: Mon, 2 Jan 2017 18:18:05 +0000 (+0100) Subject: Import Debian patch 4.84.2-2+deb8u3 X-Git-Tag: debian/4.84.2-2+deb8u3^0 X-Git-Url: https://git.hcoop.net/hcoop/debian/exim4.git/commitdiff_plain/493d55f6840d04ef186778724fc67530b1600113 Import Debian patch 4.84.2-2+deb8u3 --- 493d55f6840d04ef186778724fc67530b1600113 diff --cc debian/changelog index 3e072fd,0000000..64a8f55 mode 100644,000000..100644 --- a/debian/changelog +++ b/debian/changelog @@@ -1,4608 -1,0 +1,4694 @@@ ++exim4 (4.84.2-2+deb8u3) jessie; urgency=medium ++ ++ * 94_Fix-memory-leak-on-Gnu-TLS-close.patch from upstream exim-4_84_2+fixes ++ branch: Fix GnuTLS memory leak. (Thanks, Heiko Schlittermann!) ++ Closes: #845569 ++ ++ -- Andreas Metzler Mon, 02 Jan 2017 19:18:05 +0100 ++ ++exim4 (4.84.2-2+deb8u2) jessie-security; urgency=high ++ ++ * Non-maintainer upload by the Security Team. ++ * CVE-2016-9963: DKIM information leakage ++ ++ -- Salvatore Bonaccorso Thu, 22 Dec 2016 12:17:01 +0100 ++ ++exim4 (4.84.2-2+deb8u1) jessie-security; urgency=high ++ ++ * Non-maintainer upload by the Security Team. ++ ++ [ Dominic Hargreaves ] ++ * eximstats: Remove . from @INC [CVE-2016-1238] ++ ++ -- Salvatore Bonaccorso Mon, 25 Jul 2016 20:10:44 +0200 ++ ++exim4 (4.84.2-2) jessie; urgency=medium ++ ++ * 90_Cutthrough-Fix-bug-with-dot-only-line.patch: JH/38 Fix cutthrough bug ++ with body lines having a single dot. The dot was incorrectly not doubled ++ on cutthrough transmission, hence seen as a body-termination at the ++ receiving system - resulting in truncated mails. Commonly the sender saw ++ a TCP-level error, and retransmitted the nessage via the normal ++ store-and-forward channel. This could result in duplicates received - but ++ deduplicating mailstores were liable to retain only the initial truncated ++ version. ++ * 91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch: Fix crash ++ on "exim -be '${if crypteq{xxx}{\$aaa}{yes}{no}}'". Closes: #812585 ++ * Improve on NEWS file. Closes: #818349 ++ * Add 89_01_p_Delay-chdir-until-we-opened-the-main-config.patch. Backport ++ 3de973a29de6852d61ba9bf1845835d08ca5a5ab (Delay chdir(/) until we opened ++ the main config) to actually make $initial_cwd expansion work. Also unfuzz ++ 89_02_Store-the-initial-working-directory.diff. ++ (Thanks, Серж ИвановЪ for bugreport and pointer to missing patch) Closes: ++ #818897, #826646 ++ ++ -- Andreas Metzler Sun, 12 Jun 2016 13:56:30 +0200 ++ ++exim4 (4.84.2-1) jessie-security; urgency=high ++ ++ * New upstream security release. ++ + Fix CVE-2016-1531, a local privilege escalation issue when perl_startup ++ is used. ++ + New options keep_environment/add_environment which are empty by default, ++ i.e. any subprocesses start in a clean (empty) environment. ++ + -C requires an absolute path. ++ + Exim changes it's working directory to / right after startup. ++ * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new ++ options. Set "keep_environment =" by default to avoid a runtime warning. ++ Bump exim4-config Breaks to exim4-daemon-* (<< 4.84.2). ++ * 89_01_only_warn_on_nonempty_environment.diff, ++ 89_02_Store-the-initial-working-directory.diff: Upstream followups on the ++ CVE fix (Thanks, Heiko Schlittermann!): ++ + Runtime warning is only generated if (and only if) keep_environment ++ is unset and environment is nonempty. ++ + Store the initial working directory and make it available in the new ++ expansion variable $initial_cwd. ++ * Add NEWS entry to warn of potential breakage. ++ ++ -- Andreas Metzler Sat, 12 Mar 2016 08:17:40 +0100 ++ ++exim4 (4.84-8+deb8u2) jessie; urgency=medium ++ ++ * 87_Fix-transport-results-pipe-for-multiple-recipients-c.patch: Pull and ++ unfuzz bd21a78 from upstream GIT, to fix a bug causing duplicate ++ deliveries especially on TLS connections. Closes: #805576 ++ ++ -- Andreas Metzler Sat, 21 Nov 2015 11:24:46 +0100 ++ ++exim4 (4.84-8+deb8u1) jessie; urgency=medium ++ ++ * Pull 85_Fix-crash-in-mime-acl-when-a-parameter-is-unterminat.patch ++ and 86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch from ++ upstream GIT to fixup more MIME ACL related crashes. (Thanks, Lutz ++ Preßler) Closes: #803562 ++ ++ -- Andreas Metzler Mon, 26 Oct 2015 17:42:16 +0100 ++ +exim4 (4.84-8) unstable; urgency=medium + + * Pull 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch and + 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from + upstream GIT which fix breakage of string-expansion in headers_remove + commands. (Thanks Gordon Dickens, for the pointer.) + + -- Andreas Metzler Tue, 17 Feb 2015 18:00:42 +0100 + +exim4 (4.84-7) unstable; urgency=medium + + * Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and + (<< ${source:Version}.1), at least source version, but not the next + sourceful upload. Closes: #777246 + + -- Andreas Metzler Sat, 07 Feb 2015 15:12:33 +0100 + +exim4 (4.84-6) unstable; urgency=medium + + * Revert init script's restart order change in 4.84-4 for the time being. + This needs a slightly more involved change than I want to push into jessie + right now. + + -- Andreas Metzler Sun, 21 Dec 2014 14:07:12 +0100 + +exim4 (4.84-5) unstable; urgency=medium + + * 82_quoted-or-r-2047-encoded.diff pulled from upstream git (sans + testsuite), extends the fix in 4.84-2. + + -- Andreas Metzler Wed, 17 Dec 2014 19:03:39 +0100 + +exim4 (4.84-4) unstable; urgency=medium + + * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop + neither expects a mbox-style From nor an empty line add the end. (Thanks, + Edward Betts) Closes: #769396 + * Change the init script's restart order from { regenerate_config; stop; + start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) + Closes: #768874 + * 81_buffer-overrun-in-spam-acl.diff from upstream git. Fix a buffer overrun + with control characters in argument of spam= acl condition. + + + -- Andreas Metzler Sun, 30 Nov 2014 08:24:04 +0100 + +exim4 (4.84-3) unstable; urgency=medium + + * Apply patch to Italian (it) debconf template translation, thanks to + s3v . Closes: #764925 + * Let virtual package cron-daemon fulfill exim4-base's dependency now that + bcron provides it instead of "cron" and systemd-cron is fixed. + Closes: #765720 + + -- Andreas Metzler Sun, 19 Oct 2014 13:35:56 +0200 + +exim4 (4.84-2) unstable; urgency=high + + * Add 80_mime_empty_charset.diff from upstream GIT (the parts that change + the code, not the testsuite) to handle empty content-type charset. + + -- Andreas Metzler Fri, 29 Aug 2014 19:41:38 +0200 + +exim4 (4.84-1) unstable; urgency=medium + + * New upstream release. + + -- Andreas Metzler Thu, 14 Aug 2014 19:33:01 +0200 + +exim4 (4.84~RC2-1) unstable; urgency=medium + + * New upstream release candidate. + + -- Andreas Metzler Sat, 09 Aug 2014 07:42:00 +0200 + +exim4 (4.84~RC1-3) unstable; urgency=medium + + * Third try. Simply comment *custom* in debian/control. + + -- Andreas Metzler Sat, 02 Aug 2014 09:29:13 +0200 + +exim4 (4.84~RC1-2) unstable; urgency=medium + + * Re-upload, after manually removing *custom* from the changes file to avoid + false detection of NEW packages due to the changes in the archive + infrastructure related source-only uploads. + + -- Andreas Metzler Sat, 02 Aug 2014 08:14:54 +0200 + +exim4 (4.84~RC1-1) unstable; urgency=medium + + * New upstream release candidate, fixing a regression in the MIME handling + code. + + -- Andreas Metzler Sat, 02 Aug 2014 07:45:26 +0200 + +exim4 (4.83-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler Sat, 26 Jul 2014 09:25:15 +0200 + +exim4 (4.83-1) experimental; urgency=medium + + * New upstream release which includes the fix for CVE-2014-2972. + + -- Andreas Metzler Wed, 23 Jul 2014 08:13:22 +0200 + +exim4 (4.83~RC3-1) experimental; urgency=medium + + * New upstream release candidate. + + -- Andreas Metzler Tue, 08 Jul 2014 19:07:52 +0200 + +exim4 (4.83~RC2-1) experimental; urgency=medium + + * New upstream release candidate. + + JH/26 Port service names are now accepted for tls_on_connect_ports, to + align with daemon_smtp_ports. Bug 72. Closes: #316441 + + + -- Andreas Metzler Fri, 06 Jun 2014 19:11:24 +0200 + +exim4 (4.83~RC1-1) experimental; urgency=medium + + * New upstream feature release candidate. + + JH/06 Log outbound-TLS and port details, subject to log selectors, for a + failed delivery. Closes: #712987 + * Unfuzz 31_eximmanpage.dpatch and 50_localscan_dlopen.dpatch. + * Drop superfluous patches: 75_unbind-ldap-connection.diff + 76_fix_ldap_option_setting.diff 77_close-the-server-side-of-TLS.diff + 80_fix_ftbfs_hurd.diff + * Since exim4-base currently only includes daily cronjobs let anacron + fulfill the dependency, too. Systems with missing recommends (anacron + recommends cron) that are *not* restarted regularily will therefore not + run the cron-job regularily. Exim should not break horribly in this case + and we can assume the local system administrator knows what (s)he is doing + by disabling installation of recommends. (Policy: "[...] packages that + would be found together with this one in all but unusual installations") + Closes: #733929 + + -- Andreas Metzler Thu, 29 May 2014 13:09:04 +0200 + +exim4 (4.82.1-2) unstable; urgency=high + + * [87_double_expansion.diff] from upstream. Stop unwanted double expansion + of arguments to mathematical comparison operations. CVE-2014-2972 + + -- Andreas Metzler Sun, 20 Jul 2014 19:05:48 +0200 + +exim4 (4.82.1-1) unstable; urgency=high + + * New upstream security release, fixing CVE-2014-2957. This is a remote + code execution flaw in Exim version 4.82 (only) when built with DMARC + support. Debian's binary packages are not built with DMARC support and + therefore not vulnerable. However we want to fix this for people building + their own binaries based on Debian's packaging. + + -- Andreas Metzler Wed, 28 May 2014 19:01:43 +0200 + +exim4 (4.82-8) unstable; urgency=medium + + * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against + GnuTLS v3. + + -- Andreas Metzler Sat, 12 Apr 2014 16:19:05 +0200 + +exim4 (4.82-7) unstable; urgency=high + + [ Martin Pitt ] + * debian/tests/control: Add missing python test dependency, as + debian/tests/security calls python. Closes: #740092 + + [ Andreas Metzler ] + * 4.82 deprecated $tls_bits, $tls_certificate_verified, $tls_cipher, + $tls_peerdn, $tls_sni and introduced tls_in_*/tls_out_* variants of these + variables which describe the respective status of the current incoming or + outgoing TLS connection. The rationale for this is that a single exim + process can now use both an incoming (message reception) and outgoing + TLS connection (callout or cutthrough delivery) concurrently. With this + change the "old" variables were mapped to tls_in_*, i.e. they expand to + empty values on outgoing connections. (This is not yet documented.) + Outgoing tls-connections can therefore not be detected by nonempty + $tls_cipher anymore. exim4-config << 4.82 used this mechanism to prevent + sending of plaintext AUTH information on unencrypted connections. Force a + lockstep upgrade of exim4-config by bumping the version of exim4-base's + dependency on exim4-config to >= 4.82. + Closes: #742901, #736081 + + -- Andreas Metzler Sun, 06 Apr 2014 08:32:11 +0200 + +exim4 (4.82-6) experimental; urgency=medium + + [ Martin Pitt ] + * debian/tests/control: Add missing python test dependency, as + debian/tests/security calls python. Closes: #740092 + + [ Andreas Metzler ] + * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against + GnuTLS v3. + + -- Andreas Metzler Sat, 05 Apr 2014 14:18:11 +0200 + +exim4 (4.82-5) unstable; urgency=medium + + * Upgrade to libdb5.3-dev. Closes: #738637 Be paranoid and bump BDBVERSION + in exim4-base.postinst from 3.0 (no idea why this did not read 5.1) to + 5.3, therefore purging hints db on upgrades. + + -- Andreas Metzler Wed, 12 Feb 2014 19:31:55 +0100 + +exim4 (4.82-4) unstable; urgency=medium + + * Correct title/name of exim4-config_files(5). (Thanks, Heiko Schlittermann) + Closes: #734212 + * 80_fix_ftbfs_hurd.diff by Samuel Thibault fixes FTBFS on GNU/hurd due to + missing support for TCLASS. Closes: #738445 + * Add debian/upstream-signing-key.pgp (listed in + debian/source/include-binaries) and update watchfile to check + upstream signature. + + -- Andreas Metzler Sun, 09 Feb 2014 19:41:34 +0100 + +exim4 (4.82-3) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Wed, 27 Nov 2013 19:51:26 +0100 + +exim4 (4.82-2) experimental; urgency=low + + * Pull two post-release fixes from upstream git master: + + 75_unbind-ldap-connection.diff - Only unbind ldap connection if bind + succeeded. + + 77_close-the-server-side-of-TLS.diff - Correctly close the server side + of TLS when forking for delivery. + * Pull 76_fix_ldap_option_setting.diff from Todd Lyons testing tree. See + . + + -- Andreas Metzler Sat, 09 Nov 2013 17:24:59 +0100 + +exim4 (4.82-1) experimental; urgency=low + + * New upstream stable release. + * Drop exim4-config_files.5 symlinks for local_host_whitelist and + local_sender_whitelist, add symlinks for host_local_deny_exceptions and + sender_local_deny_exceptions instead. Closes: #661365 + + -- Andreas Metzler Sat, 09 Nov 2013 11:52:58 +0100 + +exim4 (4.82~rc5-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Sat, 26 Oct 2013 08:50:58 +0200 + +exim4 (4.82~rc3-1) experimental; urgency=low + + * New upstream version. + + TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard + Hall. + + TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors + looking up a hostname or reverse DNS when processing a host list. Used + suggestions from multiple comments on this bug. + + TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. + * Add macros for sending a client certificate on outgoing TLS connections. + (REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY, + REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY) + Closes: #677826 + + -- Andreas Metzler Sat, 12 Oct 2013 09:30:28 +0200 + +exim4 (4.82~rc2-1) experimental; urgency=low + + * exim-gencert: Generate 2048bit key by default. LP: #1200581 + * New upstream version. + + Drop 80_addmanuallybuiltdocs.diff + + -- Andreas Metzler Thu, 03 Oct 2013 19:24:59 +0200 + +exim4 (4.82~rc1-1) experimental; urgency=low + + * New upstream version. + + TL/02 Add +smtp_confirmation as a default logging option. + Closes: #649600 + + JH/05 Permit multiple router/transport headers_add/remove lines. + Closes: #276126 + + See /usr/share/doc/exim4-base/NewStuff.gz for other newly added + features. + * Upload to experimental. + * Drop unnecessary patches (30_dontoverridecflags.dpatch + 75_openssl_sni.diff 76_tls_dh_min_bits.diff 77_docsfortls_dh_min_bits.diff + 78_pkcs11_init.diff 84_CVE-2012-5671.patch 85_server_set_id_SPA.diff + 86_Dovecot-robustness.diff 87_localinjected_mimeacl.diff), unfuzz patches. + * Applying upstream's default configuration updates to Debian configuration + change 30_exim4-config_examples to use tls_in_cipher/tls_out_cipher + instead of tls_out_cipher. - exim4-config therefore Breaks + exim daemon << 4.82~rc1. + * 80_addmanuallybuiltdocs.diff: Upstream rc tarball ships empty filter.txt + and spec.txt, replace these with correct handbuilt versions. + + -- Andreas Metzler Sun, 29 Sep 2013 14:43:25 +0200 + +exim4 (4.80-9) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Sat, 14 Sep 2013 08:05:18 +0200 + +exim4 (4.80-8) experimental; urgency=low + + * Import updated watchfile by Bart Martens. (Handles more compression types + and x.y.revision versioning.) + * In initscript invoke pidofproc with a pathname argument as it is + documented in LSB and required by lsb-base (>= 4.1+Debian9). + Closes: #693696, #718871 + * Improve exim4-config_files.5 and README.Debian - Warn about unresolvable + items in host lists. Closes: #627988 + * Drop support for "/etc/init.d/exim4 what". It offers zero benefit to + invoking exiwhat directly and throws an error mesage, too. (Thanks Regid + Ichira for the diagnosis.) Closes: #643720 + * Set "host_find_failed = ignore" (instead of defer) on smarthost and + hub_user_smarthost router. Now if one (of the possibly multiple) listed + smarthosts is not resolvable (NXDOMAIN) ignores it and and tries the next + listed one. If all listed hosts are unresolvable the mail is still + defered, since host_all_ignored is set to defer by default. Therefore the + behavior does not change for single-smarthost systems. Closes: #658878 + * Remove obsolete conffile /etc/cron.monthly/exim4-base which was only + shipped in 4.69-3. Closes: #689334 + * Update exim_db.8, syncing against spec.txt from exim 4.80. + * 87_localinjected_mimeacl.diff from upstream GIT. When injecting a message + locally in non-SMTP mode, and with MIME ACLs configured, if the ACL + rejected the message, Exim would try to `fprintf(NULL, "%s", + the_message)`. This fixes that. + * [lintian] Escape some dashes in exim4-config_files.5. + * Point vcs-* to anonscm. + * Remove pidfile after stopping the daemon, exim does not remove it itself. + Closes: #702988 + * eu.po: Fix last reference to /usr/share/doc/exim4-base/README.Debian + (without either .html or .gz suffix). Closes: #394975 + * Merge autopkgtests from Ubuntu (Thanks Yolanda Robla for the pointer) + Closes: #710018 + + tests/CVE-2010-4344.py is GPLv2 - Add license header. + + tests/daemon and tests/security do not use bashisms, change shebang + to /bin/sh. + * Upload to experimental, due to perl transition. + + -- Andreas Metzler Sun, 01 Sep 2013 15:58:49 +0200 + +exim4 (4.80-7) unstable; urgency=low + + * Use exim's ${quote:xxx} operator when invoking spfquery to disallow + bypassing of SPF validation by using special mailbox names. (Thanks to + Lekensteyn for diagnosis and testing.) Closes: #697057 + + -- Andreas Metzler Wed, 02 Jan 2013 19:37:21 +0100 + +exim4 (4.80-6) unstable; urgency=low + + * Cherrypick two changes from GIT: + + 85_server_set_id_SPA.diff: server_set_id was not stored in + $authenticated_id when using SPA authentication. + http://article.gmane.org/gmane.mail.exim.user/92181 + + 86_Dovecot-robustness.diff: robustness fixes for the Dovecot + authenticator. + + -- Andreas Metzler Wed, 21 Nov 2012 19:08:53 +0100 + +exim4 (4.80-5.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * CVE-2012-5671: Fix heap-based buffer overflow in DKIM handling. + + -- Nico Golde Thu, 25 Oct 2012 20:11:11 +0200 + +exim4 (4.80-5) unstable; urgency=low + + * Fix grammar error in debian/manpages/exim4-config_files.5. (Thanks, + Regid Ichira) + * Fix hardening support. (Thanks, Simon Ruderich) + + Append $(CPPFLAGS) to CFLAGS, the exim buildsystem does not use it. + + Set LFLAGS += $(LDFLAGS) in debian/rules. + Closes: #687645 + * Correct typo in Russian debconf translation. (Thanks, Krasu) + Closes: #683385 + * Point Vcs-* to git repository. + + -- Andreas Metzler Sun, 23 Sep 2012 12:20:16 +0200 + +exim4 (4.80-4) unstable; urgency=low + + * Disable autoloading of PKCS#11 modules. Closes: #678238 + + -- Andreas Metzler Sat, 23 Jun 2012 18:35:03 +0200 + +exim4 (4.80-3) unstable; urgency=low + + * Pull 75_openssl_sni.diff from upstream. - Segfault caused by NULL + dereference if Exim is built using OpenSSL, tls_sni is used and a + forced expansion failure is configured. + * Pull 76_tls_dh_min_bits.diff (and the corresponding doc change + 77_docsfortls_dh_min_bits.diff) from upstream. Adds a new SMTP transport + option tls_dh_min_bits for setting the minimal size of DH parameters. + * Add macro TLS_DH_MIN_BITS for setting the tls_dh_min_bits smtp transport + option. Closes: #676563 + * [lintian] Stop shipping empty directory /usr/share/exim4 in exim4-base. + + -- Andreas Metzler Fri, 08 Jun 2012 12:37:05 +0200 + +exim4 (4.80-2) unstable; urgency=low + + * [Brown paper bag] actually target unstable in changelog. + + -- Andreas Metzler Sun, 03 Jun 2012 17:24:05 +0200 + +exim4 (4.80-1) experimental; urgency=low + + * New upstream version, identical to rc7. + * Add a missing piece of documentation to update-exim4.conf.8. DCreadhost + is not only used for rewriting, in satellite setup it is also + the host where local mail is delivered to. (Thanks, Regid Ichira). + Closes: #675712 + + -- Andreas Metzler Sun, 03 Jun 2012 16:49:51 +0200 + +exim4 (4.80~rc7-1) experimental; urgency=low + + * New upstream version. + * Let debian/EDITME.openssl.exim4-light.diff apply again. + + -- Andreas Metzler Tue, 29 May 2012 19:33:07 +0200 + +exim4 (4.80~rc6-1) experimental; urgency=low + + * Ship newly available GnuTLS-FAQ.txt in exim4-base. + * Upstream's handling of GnuTLS DH parameters has changed, hardcoded + parameters (from RFCs are used by default. See + /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping + /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl + and /var/spool/exim4/gnutls-params-2236. + + -- Andreas Metzler Sun, 27 May 2012 18:46:48 +0200 + +exim4 (4.80~rc5-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Thu, 24 May 2012 20:20:24 +0200 + +exim4 (4.80~rc4-1) experimental; urgency=low + + * New upstream version. + + Unfuzz 50_localscan_dlopen.dpatch + + Drop 80_revert_stringformatprintf.diff, superseded upstream. + + Default DH param size switched to 2236 for NSS compat. Update + generation script and shipped parameters. + + -- Andreas Metzler Mon, 21 May 2012 20:00:18 +0200 + +exim4 (4.80~rc2-1) experimental; urgency=low + + * Fix typo in retry/30_exim4-config (s/frequenzy/frequency/) (Thanks, Regid + Ichira). Closes: #646338 + * dpkg-buildflags supersedes hardening-wrapper. set + DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie to use features enabled + by hardening-wrapper by default. Make sure to always set -Wall. + * List mapppings between debconf choices ("mail sent by smarthost; no local + mail" et al.) and corresponding values of the DC_eximconfig_configtype + macro in update-exim4.conf(8). Closes: #651883 + * README.Debian.*: Correct documentation of the lowuid_aliases router. - The + macro is named FIRST_USER_ACCOUNT_UID instead of FIRST_USER_UID. (Thanks, + Yubao Liu) Closes: #653058 + * add more verbose help to /etc/default/exim4. Closes: #653272 + * Updated French debconf templates translation. (thanks for proofreading, + debian-l10n-french!) Closes: #668475 + * Fix typo usualy in update-exim4.conf.8. + * Add source lintian override (debian/source/lintian-overrides) for + binaries-have-file-conflict exim4-daemon-heavy-dbg exim4-daemon-light-dbg. + *-daemon-dbg depends on the respective -daemon, and the daemon-packages + conflict with each other. + * New upstream version: + + Unfuzz patches + + Update 66_enlarge-dh-parameters-size.dpatch. This is now a noop if built + against gnutls >= 2.12. + + Default DH param size is 2432, update generation script and shipped + parameters. + + Unfuzz/update */EDITME/*. Update debian/example.conf.md5. + + 80_revert_stringformatprintf.diff. Do not mark string_format() as + PRINTF_FUNCTION(3,4) to allow compilation with -Wformat + -Werror=format-security + + Sets accept_8bitmime = true by default. Closes: #445013 + + Uses GnuTLS priority string for configuration. (See NEWS.Debian) + Closes: #624041 + + -- Andreas Metzler Sun, 20 May 2012 15:57:15 +0200 + +exim4 (4.77-1) unstable; urgency=low + + * Fix typo in exim4-config_files.5. (Thanks, Regid Ichira) Closes: #645283 + * New upstream stable release. (No major changes compared to rc4) + * Upload to unstable. + + -- Andreas Metzler Sat, 22 Oct 2011 18:00:11 +0200 + +exim4 (4.77~rc4-1) experimental; urgency=low + + * New upstream release candidate. + + drop patches included in this release. + (80_gnutls_certificate_verify_peers2.diff 80_gnutls_initrc.diff + 80_TLS1.2-and-TLS1.1-support.diff) + + New expansion conditions, "inlist", "inlisti". + + Exim no longer performs string expansion on the second string of + the match_* expansion conditions: "match_address", "match_domain", + "match_ip" & "match_local_part". Named lists can still be used. The + previous behavior made it too easy to create (remotely) vulnerable + configurations. A more detailed rationale and explanation can be found + on + https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html + + doc/pcrepattern.txt is not shipped anymore as part of the exim tarball + (and therefore the Debian package suite.) + * Make use of /usr/share/dpkg/buildflags.mk if available. + * Change build system to build each binary variant in a separate copy of + the source tree instead of re-using the copy and moving away the results + after build. The old approach stopped working since upstream added a + dependency on make all to make install. - As we were changing parts of + tree (Local/Makefile) after the build this caused an (incorrect) rebuild + on make install. + + -- Andreas Metzler Sat, 08 Oct 2011 13:07:35 +0200 + +exim4 (4.76-4) experimental; urgency=low + + * 80_TLS1.2-and-TLS1.1-support.diff (pulled from upstream GIT gnutls_fixes + branch): Enable TLS1.2 and TLS1.1 + * 80_gnutls_certificate_verify_peers2.diff, 80_gnutls_initrc.diff (pulled + from upstream GIT gnutls_fixes branch): Use + gnutls_certificate_verify_peers2() instead of + gnutls_certificate_verify_peers(). The deprecated function was dropped in + GnuTLS 3.x. Closes: #624082 + + -- Andreas Metzler Sat, 24 Sep 2011 18:36:08 +0200 + +exim4 (4.76-3) unstable; urgency=low + + * [exim4-base.cron.daily] Correct invocation of mail(1), options need to be + specified before arguments for compatibility with heirloom-mailx (Thanks, + Andreas Schiweck). Closes: #629314 + * [exim4-base.exim4.init] Use echo instead of log_failure_msg for the panic + log warning. Closes: #629610 + * [exim4-base.postinst] Also take care of ratelimit db on bdbd upgrades. + Closes: #630985 + * Update Debian exim webpage URL. Closes: #641126 + * Do not run upgrade test for 4.67-5 on exim4.conf.template if split config + is used and vice versa. Closes: #577633 + * [lintian] Do not specify priority in binary package stanzas, unless it + deviates from the source package priority setting. + * [lintian] Drop unused lintian override binary-without-manpage + usr/sbin/exim. + * [lintian] Improve on short descriptions of *-dbg packages. + + -- Andreas Metzler Sun, 18 Sep 2011 11:49:13 +0200 + +exim4 (4.76-2) unstable; urgency=low + + * debian/rules: Remove test/ and test-stamp on clean. + * Handle BerkeleyDB upgrades more gracefully. Instead of checking Debian + version numbers compare DB-version of old exim (stored by postinst in + /var/lib/exim4/berkeleydbvers.txt) with currently used DB-version + (hardcoded at build time in exim4-base.postinst). + * [exim4-base.postinst exim4-config.postinst] Do away with unnecessary + chowns by dropping them or limiting to upgrades from 4.30. + + -- Andreas Metzler Sun, 29 May 2011 18:21:03 +0200 + +exim4 (4.76-1) unstable; urgency=low + + * New upstream version. + * Drop 80_match_isinlist.diff (included upstream). + + -- Andreas Metzler Mon, 09 May 2011 19:12:09 +0200 + +exim4 (4.76~RC1-3) experimental; urgency=low + + * 80_match_isinlist.diff pulled from upstream git. + + -- Andreas Metzler Sun, 08 May 2011 14:44:20 +0200 + +exim4 (4.76~RC1-2) experimental; urgency=low + + * Fix testsuite error. + * Disable verification of DKIM signatures if DC_minimaldns or the (newly + added) DISABLE_DKIM_VERIFY macro are set. Closes: #609764 + * [lintian] Drop useless comments from debian/watch. + + -- Andreas Metzler Sun, 08 May 2011 08:58:24 +0200 + +exim4 (4.76~RC1-1) experimental; urgency=low + + * New upstream version. + * Drop superfluous patches. 80_ldap_require_cert-work.diff + 81_negatebool.diff 82_dkimpercent.diff + * [Lintian] Fix grammar error in manpage (spelling-error-in-manpage + update-exim4defaults.8.gz allows to allows one to). + * [debian/minimaltest]: Added. Try to run a minimal functionality test after + building exim. (Currently only supported if the build-system has a + Debian-exim user.) + + -- Andreas Metzler Fri, 06 May 2011 20:27:56 +0200 + +exim4 (4.75-3) unstable; urgency=high + + * [debian/rules] Fix dependencies and targets, speeding up package build. + Previously everything was compiled twice. + * Patches pulled from upstream git: + +81_negatebool.diff Negating the $bool expansion condition did not work. + +82_dkimpercent.diff dkim sig logged to paniclog. Closes: #624670 + (CVE-2011-1764) + + -- Andreas Metzler Fri, 06 May 2011 20:08:51 +0200 + +exim4 (4.75-2) unstable; urgency=low + + * clamav socket on Debian is clamd:/var/run/clamav/clamd.ctl, fix + configuration example accordingly. (Thanks, Roman V. Nikolaev) + Closes: #622111 + * Use on libdb5.1-dev (instead of 4.8), zap hints db on upgrade from <= + 4.75-1. Closes: #621388 + * Enable hardening options. (Last difference to Ubuntu except for not being + the default-mta there.) Closes: #542726 + + -- Andreas Metzler Sat, 16 Apr 2011 14:45:36 +0200 + +exim4 (4.75-1) unstable; urgency=low + + * New upstream version. + * 80_ldap_require_cert-work.diff Pulled from upstream git. The new + ldap_require_cert option would segfault if used. + + -- Andreas Metzler Mon, 28 Mar 2011 19:24:55 +0200 + +exim4 (4.75~rc3-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Thu, 03 Mar 2011 19:10:06 +0100 + +exim4 (4.75~rc2-1) experimental; urgency=low + + * New upstream version. + + Fixes exiqgrep "Line mismatch" error on messages without size info. + Closes: #528625 + + Restore default SIGPIPE handler for child_open_uid. Closes: #573779 + * Enable verbose compilation. + + -- Andreas Metzler Sun, 27 Feb 2011 11:59:45 +0100 + +exim4 (4.74-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Thu, 24 Feb 2011 19:02:07 +0100 + +exim4 (4.74-1) experimental; urgency=low + + * 4.74 release, should build on hurd again. + * Fix some lintian --pedantic issues: copyright-refers-to-symlink-license + maintainer-script-without-set-e debian-control-has-unusual-field-spacing + + -- Andreas Metzler Sat, 29 Jan 2011 15:39:51 +0100 + +exim4 (4.74~rc2-1) experimental; urgency=low + + * In spf example use spf-tools-perl's spfquery instead of the one from + libmail-spf-query-perl. Do not try to use unimplemented best-guess + support. Update Suggests accordingly. Closes: #608336 + * Add headers in ACL by using the add_header modifier instead of "message". + (This modifier has been available since 4.61.) Closes: #609308 + * New upstream version. + + includes the fix for CVE-2011-0017 + + If a non-debug daemon was invoked with a non-whitelisted macro, then + logs from after attempting delivery would be silently lost, including + for successful delivery. This log-loss bug was introduced in 4.73 + as part of the security lockdown. Closes: #610611 + + Update some patches. + + -- Andreas Metzler Sun, 23 Jan 2011 14:02:36 +0100 + +exim4 (4.73~rc1-1) experimental; urgency=low + + * New upstream release candidate. + * Drop included patches. 80_4.73rc1_*, 40_dkimnotinpaniclog.diff. + * Update 31_eximmanpage.dpatch. + * exim4 now uses INSTREAM (added in clamav 0.95) instead of STREAM when + talking to clamav. exim4-daemon-heavy therefore Breaks: clamav-daemon + (<< 0.95). + * Unfuzz EDITME*diff. + * Dependency changes: + + Drop exim4-config's conflicts with bash (<< 2.05). This was relevant + pre-sarge. + + Drop exim4-daemon-* dependency on exim4-base (>> 4.71-2). This one is + superfluous because of of the dependency on + exim4-base (>= ${Upstream-Version}). + + exim4-config breaks instead of conflicts with pre-DKIM (i.e. << 4.69.1) + exim4-daemon. + + exim4-base breaks instead of conflicts with <<${Upstream-Version} daemon + packages. + * Add Vcs-Svn and Vcs-Browser fields to debian/control. + * Build depend on libmysqlclient-dev | libmysqlclient15-dev instead of + libmysqlclient15-dev. libmysqlclient-dev is not a virtual package + anymore. Closes: #590218 + * Use db_settitle unconditionally, even etch supports this. Drop unneeded + lintian override exim4-config: settitle-requires-versioned-depends. + + -- Andreas Metzler Mon, 27 Dec 2010 19:48:19 +0100 + +exim4 (4.72-6) unstable; urgency=high + + * 80_4.74_filtertesting.diff: Do not abort when setgid fails if privileges + were dropped. This fixes a regression from 4.72-2, it was not possible to + test filter files with exim4 -bf anymore. Closes: #611572 + + -- Andreas Metzler Mon, 31 Jan 2011 19:05:48 +0100 + +exim4 (4.72-5) unstable; urgency=medium + + * 80_4.74_deliverylogging.patch (Pulled from upstream git): If a non-debug + daemon was invoked with a non-whitelisted macro, then logs from after + attempting delivery would be silently lost, including for successful + delivery. This log-loss bug was introduced as part of the security + lockdown for fixing CVE-2010-4345. Closes: #610611 + + -- Andreas Metzler Sat, 29 Jan 2011 14:33:36 +0100 + +exim4 (4.72-4) unstable; urgency=medium + + * In spf example use spf-tools-perl's spfquery instead of the one from + libmail-spf-query-perl. Do not try to use unimplemented best-guess + support. Update Suggests accordingly. Closes: #608336 + * 80_4.74_CVE-2011-0017.patch (Pulled from upstream git): Check return + values of setgid/setuid. This is a privilege escalation vulnerability + whereby the Exim run-time user can cause root to append content of the + attacker's choosing to arbitrary files. + + -- Andreas Metzler Sat, 22 Jan 2011 17:48:19 +0100 + +exim4 (4.72-3) unstable; urgency=low + + * [README.Debian*] Correct command for manual paniclog rotation. (Thanks, + Jörg Sommer) Closes: #602188 + * 67_unnecessaryCopt.diff: Do not use exim's -C option in utility scripts. + This would not work with ALT_CONFIG_PREFIX. + * Pull changes related to fixing CVE-2010-4345 from exim 4.73 rc1. + Closes: #606527 + + 1_cfile_norw_eximuid: Don't allow a configure file which is writeable by + the Exim user or group. + + 2_permcheck_configurefile: Check configure file permissions even for + non-default files if still privileged. + + 3_remove_ALT_CONFIG_ROOT_ONLY: Remove ALT_CONFIG_ROOT_ONLY build option, + effectively making it always true. + + 4_FD_CLOEXEC: Set FD_CLOEXEC on SMTP sockets after forking in the + daemon, to ensure that rogue child processes cannot use them. + + 5_TRUSTED_CONFIG_LIST: Add TRUSTED_CONFIG_LIST compile option. + + 6_nonroot_system_filter_user: If the system filter needs to be run as + root, let that be explicitly configured. The default is now the Exim + run-time user. + + 7_filter_D_option: Add a (compiletime) whitelist of acceptable values + for the -D option. + + 8_updatedocumentation: Update documentation to reflect the changes. + * Build with WHITELIST_D_MACROS=OUTGOING. Post patch 7_filter_D_option exim + will not regain root privileges (usually necessary for local delivery) if + the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are + exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING. + * Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. Post patch + 3_remove_ALT_CONFIG_ROOT_ONLY exim will not re-gain root privileges + (usually necessary for local delivery) if the -C option was used. This + makes it impossible to start a fully functional damon with an alternate + configuration file. /etc/exim4/trusted_configs (can) contain a list of + filenames (one per line, full path given) to which this restriction does + not apply. + + -- Andreas Metzler Sun, 26 Dec 2010 15:13:08 +0100 + +exim4 (4.72-2) unstable; urgency=low + + [ Marc Haber ] + * Apply patch to russian (ru) debconf template, thanks to Тим + Алексеевский and Tim Alexeevsky. Closes: #576202 + * fix exim4-config_files man page, mention + {host|sender}_local_deny_exceptions instead of + local_{host|sender}_whitelist. Thanks to Fabien André in #578176 + * add !acl = acl_local_deny_exceptions to defer stanzas in SPF code. + Thanks to Fabien André. Closes: #578176 + * Re-work config.autogenerated header to more exactly reflect + configuration source. (mh) Closes: #593984 + + [ Andreas Metzler ] + * Fix getopt invocation to make update-exim4.conf.template -o work. (Thank + you Matthew W. S. Bell) Closes: #590333 + * 40_dkimnotinpaniclog.diff pulled from upstream git. Stop logging + non-critical DKIM errors in paniclog. Closes: #567876 + * Debconf translations: + - Danish. Closes: #592792 + + -- Andreas Metzler Sat, 30 Oct 2010 13:38:26 +0200 + +exim4 (4.72-1) unstable; urgency=low + + * New upstream release. (Identical to the git snapshot previously + uploaded to experimental.) + + -- Andreas Metzler Thu, 03 Jun 2010 17:42:52 +0200 + +exim4 (4.72~20100529-1) experimental; urgency=low + + * Git snapshot 20100529. + + Fix documentation for exipick -bpra. #574778 + + CVE-2010-2024: Protect against symlink attacks on MBX lockfile in /tmp. + (Debian's default configuration does not use MBX format, but the + exim4-daemon-heavy binary supports MBX.) + + CVE-2010-2023 Prevent hardlink attack on mbox sticky mail directory. + (Probably not relevant for Debian systems at all, since the mail spool + is 2775 root:mail.) + + Dovecot authenticator ignores unknown keywords, making it compatible + with version 1.1 of Dovecot authentication protocol. (= dovecot 2.0). + See Changelog for complete list. + * Drop patches included upstream: 36_typoinexipick.diff + 20_PDKIM-Upgrade-PolarSSL.diff. + + -- Andreas Metzler Sun, 30 May 2010 14:01:52 +0200 + +exim4 (4.71-4) unstable; urgency=low + + * Drop unneeded lintian overrides. + + description-contains-homepage + + debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg. + + partially-translated-question + + maintainer-script-needs-depends-on-update-inetd + + possible-bashism-in-maintainer-script + + binary-without-manpage + + possible-debconf-note-abuse + + changelog-not-compressed-with-max-compression + * Lintian informational hints: + + hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5 + debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8 + * Use dh_lintian. + * Fix sourcing of lsb-functions in init-script. Test for existence of + /usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions. + If they are not present the package's dependencies are not installed. + Bump dependency on lsb-base to 3.0-6. (log_action_*) + * Update reference to spec.txt in README.Debian. Closes: #568051 + * Invoke spfquery as spfquery.mail-spf-query-perl. There are three different + implementations of spfquery in Debian, with incompatible commandline + switches and different exit codes. Closes: #573956 + + -- Andreas Metzler Thu, 25 Mar 2010 17:34:30 +0100 + +exim4 (4.71-3) unstable; urgency=low + + * exim4-base.cron.daily: Do not run exim_tidydb on Berkeley DB logfiles. + Closes: #501892 + * exim4-base.postinst: If exim_dumpdb fails to read a hints-db also remove + Berkeley DB logfiles. + * Switch to Berkeley DB 4.8 (from 4.6). Zap hints db on upgrade. Temporarily + make -daemon packages depend on exim4-base >> 4.71-2. (This can be removed + after the next upstream release.) + Closes: #548479 + * control: Drop bzip2 from Build-Depends. Use line-wrapping for + Build-Depends. + * 36_typoinexipick.diff: Fix a typo in exipick manpage. (Lintian). + * exim4-base.postinst: Redirect status message to stderr. + + -- Andreas Metzler Fri, 01 Jan 2010 13:41:44 +0100 + +exim4 (4.71-2) unstable; urgency=low + + * Pulled from upstream: 20_PDKIM-Upgrade-PolarSSL.diff. Update files copied + from PolarSSL to 0.12.1. + * Add example file to set smarthost from /etc/network/interfaces (mh) + * Add DKIM_* macros on remote smtp transports for setting the corresponding + dkim_* options. + * Upload to unstable. + + -- Andreas Metzler Sat, 12 Dec 2009 13:24:21 +0100 + +exim4 (4.71-1) experimental; urgency=low + + * New upstream version. + + Drop patches included upstream. 51_dkimrelatedcrash.diff + 51_noreject_unsigned.diff. + + -- Andreas Metzler Sat, 28 Nov 2009 12:03:50 +0100 + +exim4 (4.70-2) experimental; urgency=low + + * 51_noreject_unsigned.diff Fix a dkim related expansion error that appears + when the expanded value of dkim_verify_signers winds up empty and + acl_smtp_dkim is defined. (This has the effect of rejecting any mail + without DKIM signature.) + * Work around 490937 by removing CHANGES. + + -- Andreas Metzler Sat, 21 Nov 2009 10:15:41 +0100 + +exim4 (4.70-1) experimental; urgency=low + + * Point watchfile to ftp.exim.org. + * Use dpkg-source v3 instead of dpatch, simplifying debian/rules a little + bit. + * New upstream version. + + Pull 51_dkimrelatedcrash.diff fixing a segfault only applying to the + 4.7x series. http://bugs.exim.org/show_bug.cgi?id=912 + * debhelper v7 mode. + + Use -XCHANGES to Keep dh_installchangelogs v7 from insisting to install + ./CHANGES as upstream changelog. + + Bump build-dependency. + + Use dh_prep instead of dh_clean -k. + + -- Andreas Metzler Sun, 15 Nov 2009 13:10:32 +0100 + +exim4 (4.70~rc4-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Wed, 11 Nov 2009 19:04:35 +0100 + +exim4 (4.70~cvs+20091030-1) experimental; urgency=low + + * New upstream snapshot. + + -- Andreas Metzler Sat, 31 Oct 2009 10:08:55 +0100 + +exim4 (4.70~cvs+20091026-1) experimental; urgency=low + + * New snapshot. + + Fixes segfault in dovecot authenticator. Closes: #551106 + + Improved documentation regarding certifacte verification on outgoing + SMTP connections. Closes: #544472 + * Drop 40_boolean_redefine_protect.dpatch - included upstream. + * Drop unapplied superfluous patches from diff: 36_pcre 37_exiwhatpsmisc. + + -- Andreas Metzler Mon, 26 Oct 2009 16:09:32 +0100 + +exim4 (4.70~cvs+20091017-1) experimental; urgency=low + + * Fix syntax errors in README.Debian.xml. (Thank's, Daniel Leidert) + * New upstream cvs snapshot. + + Drop unnecessary patches: 36_pcre 37_exiwhatpsmisc. + + Close dovecot socket after wrong password was given. Closes: #515503 + + Standalone DKIM support. Obsoletes and therefore + Closes: #486437,#459883 + * Drop upstream URL from package descriptions. Closes: #471425 + * [patches/00_unpack.dpatch] Drop workaround for tar 1.14, even oldstable + has 1.16. Closes: #486436. + * Do not set 'tls_try_verify_hosts = *' by default anymore. Some clients + (e.g Outlook) will terminate the SSL connection when the server presents + the long list of accepted TLS certificates after STARTTLS. If TLS + certificate validation of clients is needed you'll need to set + MAIN_TLS_TRY_VERIFY_HOSTS again and point MAIN_TLS_VERIFY_CERTIFICATES to + a file containing only the accepted certificates. + Closes: #515999, #316522, #482012 + * Add debian/README.source. (Policy 3.8.3) + * Fix typo in update-exim4.conf.8. + Thanks to Calum Mackay. Closes: #543354 + * Listen on IPv6 loopback interface by default. (Only applies to fresh + installations.) Closes: #544292 + * upstream default configure file explicitly disables dkim in some + instances. Merge into Debian config and update debian/example.conf.md5. + Bump Conflicts of exim4-config package. + + -- Andreas Metzler Sat, 17 Oct 2009 14:26:54 +0200 + +exim4 (4.69-11) unstable; urgency=medium + + * Build-Depend on lynx-cur|lynx instead of lynx. (lynx is just a dummy + package currently, and due its strict dependencies uninstallable until + the most recent version of lynx-cur has been built.) + * Work around sed's improved unicode support, not accepting latin1 + characters as pattern delimiters in UTF-8 locales anymore. Closes: #527445 + + [update-exim4.conf] Go for / as separator instead. - This might have + served a purpose in earlier releases with free-form replacements but is + just overcomplicated now. + + [update-exim4defaults]: The tricky bits for exim options are the + ones that take a filename as argument (e.g. -C and -oX) or -D for + overriding macros. Use LC_CTYPE=C. + + [exim4-config.config] The sed commands deals with (lists of) hostnames + and IP(v6) addresses and nets. Use LC_CTYPE=C. + + -- Andreas Metzler Sun, 10 May 2009 10:15:34 +0200 + +exim4 (4.69-10) unstable; urgency=low + + [ Andreas Metzler ] + * Use macro CONFDIR in lowuid_aliases router, too. Closes: #507124 + * Disable shell filename expansion in update-exim4.conf using set -f. + Closes: #515668 + * Stop using set -u in update-exim4.conf. With version 4.0 bash changed its + behavior to throw an error on expansion of $* or $@ with set -u if no + positional parameters were given. Working around this is obnoxious and + harms readability, imho doing away with set -u's benefits. Closes: #518752 + * Allow setting outgoing smtp helo/ehlo by setting + REMOTE_SMTP_HELO_DATA macro directly. Previously this was just supposed + to be used as a helper macro for REMOTE_SMTP_HELO_FROM_DNS. + REMOTE_SMTP_HELO_FROM_DNS overrides a manual REMOTE_SMTP_HELO_DATA data + setting. Closes: #514113 + * [README.Debian] Bring documentation for Diffie-Hellman parameters up to + current practice, mainly by deleting most of the outdated docs. + Closes: #508749 + * [exim4 init-script]. Modify check for smtp inetd entry to use an anchored + pattern, matching "smtp" but not "smtp-foo". Closes: #516146 + * exim4-daemon-light now Provides: default-mta. See #508644. + * Ship both transport-filter.pl and ratelimit.pl in + /usr/share/doc/exim4-base/examples. Closes: #518836 + * [lintian] Add ${misc:Depends} to all Depends. + * [lintian] Add override for dbg-package-missing-depends exim4-dbg. + * Sync debian/control with override file by moving *-dbg to section debug. + * Fix grammar error in update-exim4.conf.8. (Thank's, Gerfried Fuchs) + Closes: #525248 + + [ Christian Perrier ] + * Debconf translations: + - Asturian. Closes: #511624 + - Belarusian. Closes: #516049 + - Kazakh added. Closes: #520996 + - Slovak. Closes: #523447 + - Bengali added. + + -- Andreas Metzler Sat, 02 May 2009 09:05:56 +0200 + +exim4 (4.69-9) unstable; urgency=medium + + * [update-exim4.conf]: Use POSIX character classes [:alnum:] or explicit + listing ("ABCDEF..") instead of a-z, since the latter does not work as + expected in some locales. Closes: #500691 + + -- Andreas Metzler Tue, 30 Sep 2008 20:12:27 +0200 + +exim4 (4.69-8) unstable; urgency=low + + [ Andreas Metzler ] + * Quote last n lines (configurable by changing the value of + E4BCD_PANICLOG_LINES, defaults to 10) of paniclog in warning + email sent out on non-empty paniclog. Closes: #499492 + * Fix evaluation logic of E4BCD_WATCH_PANICLOG for sending out warning + e-mails about non-empty paniclog in daily cron-job to match documentation: + + yes: Send daily warning e-mails, do not touch panniclog. + + once: Send out the mail and rotate paniclog afterwards. + + no: Do nothing. (Logfile is rotated when its size reaches 10 MB.) + (Previously the interpretations of "once" and yes were mixed up.) + + [ Debconf translations ] + * Catalan. Closes: #499299 + + -- Andreas Metzler Sun, 28 Sep 2008 12:01:39 +0200 + +exim4 (4.69-7) unstable; urgency=low + + [ Andreas Metzler ] + * Sync from ubuntu: Refer to spec.txt.gz instead of spec.txt in + README.Debian.xml. + + [ Debconf translations ] + * Korean. Closes: #491518 + * Lithuanian. Closes: #497402 + * Greek. Closes: #498466 + * Esperanto. Closes: #498796 + + -- Andreas Metzler Tue, 16 Sep 2008 19:14:08 +0200 + +exim4 (4.69-6) unstable; urgency=high + + [ Debconf translations ] + * Malayalam. Closes: #479466 + * Albanian. Closes: #480282 + * Polish. Closes: #481638 + * Vietnamese. Closes: #482641 + * Turkish. Closes: #482714 + * Brazilian Portuguese. Closes: #485384 + * Finnish. Closes: #489171 + + [ Marc Haber ] + * Have timeout.pl print a meaningful error message if perl-modules + is not installed. Have exim4-base recommend perl-modules. + Thanks to Tom Schouten. Closes: #482319 + * Create gnutls-params with mode 644 in the first place. + Thanks to Jean-Luc Coulon. Closes: #481765 + * Replace ~/.rnd with $HOME/.rnd in exim_gencerts. Thanks to + Ross Boylan for noticing this. + * exim4-config.config: send hostname --fqdn stderr to /dev/null, + we handle errors properly. Thanks to Andrew Vaughan in #481597. + + [ Andreas Metzler ] + * Fix typos/other errors in README.Debian.xml. Improve formatting. + (Thank's Georg Neis and Paul Menzel) Closes: #486105, #486106, #486116 + * Revert fancy quoting in initscript. Closes: #486667,#482752 + (fixes rc-bugs). + * [debian/control README.Debian.xml] Spelling fix ("metapackage" instead of + "meta-package"). Thank's lintian + + -- Andreas Metzler Sat, 19 Jul 2008 19:56:36 +0200 + +exim4 (4.69-5) unstable; urgency=low + + * remove chmod/chown code from exim4_refresh_gnutls-params completely + * do not remove gnutls-params in exim4-base.postinst + + -- Marc Haber Mon, 28 Apr 2008 21:46:18 +0200 + +exim4 (4.69-4) unstable; urgency=low + + * update-exim4.conf: Fix impossible code path in guessed_name check. Ouch. + Thanks to Anand Kumria. Closes: #478066 + * Regenerating the 2048 bits DH parameters takes too long for slow + systems, disable (both in the monthly cron job and postinst) and + document that paranoid people will want to regenerate them manually. + + -- Marc Haber Sun, 27 Apr 2008 10:06:39 +0200 + +exim4 (4.69-3) unstable; urgency=low + + * The "please do not file duplicate bugs" release + + [ Marc Haber ] + * Work around lsb-base regression (#477055, "wontfix") by changing + the way we quote exim's arguments in the init script, hoping that + this does not sacrifice robustness. + Closes: #477194, #477236, #477239, #477258, #477562, #476987 + * README.Debian.xml: Fix router/transport pair typo. + Thanks to Georg Neis. Closes: #463573 + * Have exim4-base Suggest swaks + * Relax exim4-dbg dependency on eximon4 to a recommends (see #463929). + * 30_exim4-config_check_rcp: Remove mention of /usr/share/doc/exim4- + config/default_acl in favor of exim4-config_files(5). + Thanks to Jon Dowland. Closes: #464539 + * Move paniclog log rotation to /etc/logrotate.d/exim4-paniclog to + allow people to manually rotate the paniclog only by calling + logrotate -f /etc/logrotate.d/exim4-paniclog. Thanks to Josip Rodin + (#396003) for this nice idea. Implement E4BCD_WATCH_PANICLOG=once + as suggested by Vasilis Vasaitis. + * activate dlfunc. Closes: #471314 + * set LC_ALL=C in debian/rules. Thanks to Michael Meskes. Closes: #471486 + * Document that Incredimail's TLS "implementation" breaks on a + certificate request. Thanks to Andrew McGlashan. Closes: #459323 + * Fix parenthesis mismatch in README.Debian + * exim4_refresh_gnutls-params: Call openssh dhparam with + HOME=$EXIM4_SPOOLDIR so that openssl's .rnd file is placed there. + * update-exim4.conf: print a warning if dc_minimaldns and hostname + --fqdn does not print a fully qualified name. Thanks to Lothar + Ketterer. Closes: #476249 + * DH parameters handling: Closes: #475194 + * add dpatch to have exim use 2048 bit DH parameters + * ship static gnutls-params file with the package. + * Override resulting lintian warning. + * generate new gnutls-params only monthly and in postinst on configure. + * exim4_refresh_gnutls-params: + * generate 2048 bit DH parameters + * dh-params file can be world readable + * Filter out noise from mainlog before handing it off to eximstats + in daily cron job. Thanks to Justin Pryzby. Closes: #476541 + * Move docs from Apps/Net to Network/Communication + * linda R.I.P. + + [ Robert Millan ] + * Process acl_local_deny_exceptions ACL before rejecting a message in SPF + check. Thanks to Miklos Szeredi. Closes: #451633 + + [ Andreas Metzler ] + * Fix typos in exinext's man page (/s/eximnext/exinext/). (Thanks, + Filipus Klutiero) Closes: #471113 + * exiwhat: Check at runtime whether killall is available. Fall back to a + combination of 'ps ax' and regular kill otherwise. + Closes: #476455 + * Fix wrong logic in testing for existence of lsb-base functions in init + script. (Thanks, Tim Cross) Closes: #477578 + + -- Marc Haber Sat, 26 Apr 2008 00:00:30 +0200 + +exim4 (4.69-2) unstable; urgency=low + + [ Marc Haber ] + * update-exim4.conf: fix bashism echo -n in preprocess_macro. + Thanks to Michal Politowski. Closes: #462173 + + [ Christian Perrier ] + * Debconf translations updates: + - German. Thanks to Eric Schanze. Closes: #462673 + + [Andreas Metzler] + * Add missing .P to exim_db.8 to fix indenting. (Thanks, David L. Anselmi) + Closes: #462712 + * Add (disabled) patch to save random seed to a file + + -- Marc Haber Wed, 30 Jan 2008 09:26:56 +0100 + +exim4 (4.69-1) unstable; urgency=low + + [ Marc Haber ] + * New upstream version. + - improve --help handling. Closes: 438435 + * Debconf translations updates: + - Dutch. Thanks to Bart Cornelis. Closes: #448924 + - Norwegian Bokmål. Thanks to Hans Fredrik Nordhaug. Closes: #452383 + - Slovak. Thanks to Peter Mann. Closes: #460502 + - Catalan: fix some semicolon issues and most obvious fuzzy strings. + Thanks to Jordà Polo. Closes: #447765. + * Add support for smtp_accept_max_nonmail_hosts to ease external + relay testing. + * Make Change to init script dependencies as suggested by Petter + Reinholdtsen. Closes: #460229 + * debian/control: + * Add Homepage field to Source Package stanza. + * Standards-Version: 3.7.3 (no changes necessary) + * lintian/overrides: + - Override all description-contains-homepage messages, + we're going to keep this field around until post-lenny. + - Override exim4-daemon-heavy: package-contains-empty-directory + usr/lib/exim4/local_scan/, the directory should be there to show + people where to put local extensions (and I am not sure how exim + behaves if that directory is not there). + * linda/overrides: + - Override menu section Applications, which is a false alert. + - Override complaint about newer standards version. + - This override does not work due to #386647 + * exim4-base.NEWS: fix Debian's typo + * exim4-base.dirs: remove usr/bin, we do not ship any files there. + * Generate exim macros from every definition found in ue4cc that + starts with a capital letter (sans CFILEMODE) to cater for an + obviously very common user error. This feature is going to stay + undocumented. + + [ Christian Perrier ] + * Debconf translations updates: + - Dzongkha. Thanks to Tenzin Dendup. Closes: #455871 + - Slovak. Thanks to Peter Mann. Closes: #460502 + + [ Andreas Metzler ] + * Fix typo in acl/20_exim4-config_local_deny_exceptions. (Thanks, Roderick + Schertler) Closes: #456343 + + -- Marc Haber Tue, 22 Jan 2008 09:19:14 +0100 + +exim4 (4.68-2) unstable; urgency=low + + [ Marc Haber ] + * Fix changelog: lowuid router does not close #420217. Closes: #440217 + + [ Andreas Metzler ] + * Mention /etc/exim4/exim4.conf in FILES section of update-exim4.conf.8. + * Fix syntax error in real-local router. Closes: #446346 + * Configuring exim as configtype="internet host" asks a different set of + questions than e.g. satellite. However some of the settings controlled by + these hidden questions still have effects on exim's behavior. Change + exim4-config to ask these hidden questions if they have been set to a + non-default value. (Either manually, or by switching configtype after + setting the values.) Closes: #443210 + These questions have been added conditionally: + - internet site with smarthost: + + dc_relay_domains + - satellite + + dc_relay_domains + + dc_localdelivery + + -- Marc Haber Thu, 01 Nov 2007 19:17:36 +0100 + +exim4 (4.68-1) unstable; urgency=low + + * new upstream version. Closes: #444195 + * Documents tls_verify_hosts during TLS sessions. Closes: #422419 + * new example.conf md5 sum + * Move lowuid router to a later place, handle real- only for + locally generated messages. Thanks to Andreas Metzler and others + on pkg-exim4-devel. Closes: #440217 + * /etc/init.d/exim4: + * Use start_daemon and killproc from lsb-base + as a new plunge at #396944 + * Do not clean the environment as severly as before (functions + need to survive). + * README.Debian: + * Document that using client certificates needs extra + configuration. Thanks to John Goerzen. Closes: #440663 + * conf.d/main/03_exim4-config_tlsoptions: Make it clear that this + file only concerns exim as an SMTP server. + * exim4-config.preinst: Add EX4DEBUG facility, add rm_conffile + function + * Rename acl_whitelist_local_deny to acl_local_deny_exceptions + as suggested by Ross Boylan. Closes: #387078. + * Switch Build-Depends to db4.6. Closes: #442645 + * Debconf translations updates: + - Portuguese. Thanks to Miguel Figueiredo. Closes: #441895, #445494 + - Norwegian Nynorsk. Thanks to Håvard Korsvoll. + * exim4-config.NEWS: Explicitly mention that .dpkg-old and + .dpkg-dist files are included in the DEBCONFsomethingDEBCONF check to + allow lazy people to only grep the docs instead of actually reading + them. This was requested by Hamish Moffatt in #445327. + + -- Marc Haber Sun, 07 Oct 2007 21:38:22 +0200 + +exim4 (4.67-8) unstable; urgency=low + + [ Marc Haber ] + * Define REMOTE_SMTP_HELO_DATA and REMOTE_SMTP_HELO_FROM_DNS macros + to have exim pull its HELO name from DNS automatically. + Thanks to Jari Aalto and Magnus Holmgren. Closes: #275975 + * Enable DNSDB in exim4-daemon-light (needed by the HELO magic) + * update-exim4.conf: Allow [] in ascii strings (needed for @[]) + * Improve domain literal docs + * Remove debconf template noalias_regenerate + * Fix PRIMARY_HOSTNAME typo in main/02_exim4-config_options. + Thanks to Tim Krah. Closes: #434337 + * fix alphabet salad in README.Debian. Closes: #434640 + * Add E4BCD_DAILY_REPORT_TO to daily cron job. + Thanks to Florian Schlichting. Closes: #426840 + * Fix /etc/exim paths in exim4-config_files(5). + Thanks to Marques Johansson. + * Debconf translations updates: + - Japanese. Closes: #433070 + - Spanish. Thanks to Javier Fernández-Sanguino Peña. Closes: #433084 + - Thai. Thanks to Theppitak Karoonboonyanan. Closes: #433177 + - Arabic. Thanks to Ossama Khayat. Closes: #433222 + - Hebrew. Thanks to Baruch Even. Closes: #433291 + - Italian. Closes: #433200 + - Galician. Closes: #433218 + - Portuguese. Thanks to Miguel Figueiredo. Closes: #433293 + - Hungarian. Thanks to Josip Rodin. Closes: #433336 + - Punjabi. Thanks to Amanpreet Singh Alam. Closes: #433578 + - Marathi. Thanks to Priti Patil. + - Wolof. Thanks to M Mamoune Mbacke. Closes: #433701 + - Indonesian. Thanks to Arief S Fitrianto. Closes: #433758 + - Romanian. Thanks to Eddy Petrisor. Closes: #433854 + - Nepali. Thanks to shyam krishna bal. Closes: #435345 + - Swedish. Thanks to Daniel Nylander. Closes: #435705 + + [ Andreas Metzler ] + * Update eximon menu file for menu 2.1.35 hierarchy. + + [ Christian Perrier ] + * Fix typo in README.Debian.xml. Thanks to + Closes: #434961 + + -- Marc Haber Sun, 19 Aug 2007 09:25:10 +0200 + +exim4 (4.67-7) unstable; urgency=low + + * only generate HIDE_MAILNAME macro if its value is really non-empty + + -- Marc Haber Sat, 14 Jul 2007 08:47:40 +0200 + +exim4 (4.67-6) unstable; urgency=low + + * Add some more debugging output to maintainer scipts, hopefully + nailing #396944 which has surfaced again. + * Improve wording in NEWS.Debian for exim4-config. + Closes: #431019, #431130 + * Issue DEBCONFfooDEBCONF warning as well for + DEBCONFheaders_rewriteDEBCONF. + Thanks to John Goerzen. Closes: #431088 + * fix localhost inserted twice into local_domains. Closes: #432394 + * fix MAIN_RELAY_TO_DOMAINS in update-exim4.conf. + Thanks to Ben Wheeler. Closes: #432521 + * Document that special handling is needed for host lists that only + consist of a single IPv6 address. Thanks to Frederic Daniel Luc + Lehobey. Closes: #432229 + * Add forgotten (conditional) definition of REMOTE_SMTP_HEADERS_REWRITE + and REMOTE_SMTP_RETURN_PATH for remote_smtp transports. + Thanks to Miguel Martins Feitosa Filho. Closes: #432716 + * Debconf translations + * Bulgarian completed. Closes: #431957, #430521 + * Update Tamil. Thanks to Tirumurti Vasudevan. Closes: #432181 + * Update Spanish. + Thanks to Javier Fernández-Sanguino Peña. Closes: #429940 + + -- Marc Haber Fri, 13 Jul 2007 22:22:09 +0200 + +exim4 (4.67-5) unstable; urgency=low + + * the "verderben viele Koeche den Brei?" release + + [ Andreas Metzler ] + * Point to exim4_passwd(5) instead of non-existing exim_passwd(5) in AUTH + section of configuration. (Thanks Arkadiusz Dykiel, #430149) + * update-exim4.conf check_ascii_pipe(): Accept < since we use it for list + construction. Closes: #430391 + * Anchor UPEX4CmacrosUPEX4C in update-exim4.conf + + [ Robert Millan ] + * Update informational message in SPF ACL to use the latest + http://www.openspf.org/Why API. + + [ Debconf translations ] + * French completed and converted to UTF-8 + * All remaining non UTF-8 translation switched to UTF-8 + + [ Marc Haber ] + * do not quote error message in lowuid router + * replace commented UPEX4CmacrosUPEX4C with UPEX4CmacrosUPEX4C exim + configuration macro definition as placeholder for ue4c-generated macros. + + [ Christian Perrier ] + * Correct the invalid ${fqdn} variable in exim4-config.templates + + -- Marc Haber Thu, 28 Jun 2007 09:22:04 +0200 + +exim4 (4.67-4) unstable; urgency=low + + * update-exim4.conf: + * fix embarrassing typo in update-exim4.conf that broke macro + expansion for two values. + Thanks to Andrew Chittenden. Closes: #429828 + * Allow ! and * in ue4cc. + Thanks to Dieter Hametner and Raf D'Halleweyn. Closes: #429986 + * have @ and localhost added to local_domains list. + Thanks to a big number of people. Closes: #429939 + * eliminate -e && chmod construct as a possible cause of #429617. + Thanks to Martin Ketzer and Silvestre Zabala + * Now barfs if DEBCONFsomethingDEBCONF is still found in the + configuration file. Thanks to a truckload of users who were too lazy + to read the docs, did not accept the suggested configuration file + changes and then complained about a non-working exim ("malformed macro + definition") + * README.Debian: Document the new low-UID handling mechanism. + Thanks to Johannes Rohr. Closes: #429878 + * debian/rules: do not ignore make clean errors + * Debconf translation updates: + - Basque. Closes: #429626 + - Czech. + - Brazilian Portuguese. Closes: #429867 + + -- Marc Haber Fri, 22 Jun 2007 13:55:15 +0200 + +exim4 (4.67-3) unstable; urgency=low + + [ Andreas Metzler ] + * Initialize permissions of bug-script and exim-adduser as 755, since diff + does not preserve permissions. Both were shipped as 644 in binary packages + not built with svn-buildpackage. Closes: #420446 + + [ Marc Haber ] + * Merge experimental changes from revision 2018:2073 + * Fix "Zahlendreher" in closure of #427690. Closes: #427690 + * update-exim4.conf: + * finally get rid of the DEBCONFfooDEBCONF stuff. That information + is now passed to the configuration by ue4c by directly setting exim + macros in the configuration. This has caused both the configuration + and ue4c to be much shorter. + * run with -e, -C and -u. + * convert input read from update-exim4.conf.conf to lower case + * barf if strange characters are found in ue4cc. Closes: #400294 + * Remove superfluous "x$foo" = "xbar" constructs from scripts + * Add routers to reject mail to accounts with low UID. + Closes: #400790. + * Make daily cron job barf if /usr/bin/mail is not found. Have + exim4-base recommend mailx. Closes: #427690 + * Have all -daemon packages provide exim4-localscanapi-1.0 and + exim4-localscanapi-1.1 as requested by Magnus Holmgren while fixing + #426425. Also include exim4-localscan-plugin-config script with + exim4-dev. Thanks to Magnus for helping with this. Closes: #428274 + * remove /etc/exim4/email-addresses symlink and document this. + Thanks to Josip Rodin. Closes: #420578 + * introduce conf.d/250_exim4-config_lowuid which optionally allows + to reject (or alias away) mail to low-uid accounts that are not + listed in an exception list. Thanks to Dominic Hargreaves, + Marc Sherman and Ross Boylan. Closes: #400790, #307768, #331716 + * remove versioned depends on cron, since the version we need is + well before sarge. + * Add cron | fcron dependency. Fcron is going to be removed again + at the first sign of trouble. Closes: #381806 + * remove move_exim3_spool debconf template. Closes: #391762 + * replace openssl gendh with openssl dhparam. Closes: #413235 + * adapt docs, README and manpages + * have Hilko fix the lynx-dump postprocessing to repair generating + README.Debian text version. Thanks! + * increase README.Debian generation robustness. Thanks to Hilko. + * debconf: + * Partly apply Christian Perrier's patch for reviewed + templates and control file. Closes: #426980 + * Other minor template changes. + * get rid of "mails" in debconf templates, use "messages" instead. + Re-word local_interface debconf template. Other minor changes. + Thanks to Jens Seidel and Christian Perrrier. Closes: #394976 + * re-work exim4-config.config logic to have split/non-split config + asked last instead of first. This partly addresses #410756. + * Add exim4-daemon-heavy.templates, exim4-daemon-light.templates + and exim4.templates to POTFILES.in + * Re-Word dc_other_hostnames debconf template. + Thanks to Hans G. Ehrbar. Closes: #421860 + + [ Christian Perrier ] + + * Debconf translation updates: + - French + - Ukrainian. Closes: #427793 + - Bulgarian. + - Thai. + - Galician. + - Swedish. + - Punjabi. + - Indonesian. + - Italian. + - Khmer. + - Traditional Chinese. Closes: #428072, #428069. + - Portuguese. + - Simplified Chinese. + - Marathi + - Romanian. Closes: #429242 + - Russian. Closes: #429352 + + -- Marc Haber Mon, 18 Jun 2007 10:26:20 +0200 + +exim4 (4.67-1) unstable; urgency=low + + [ Marc Haber ] + * new upstream version + * remove 37_upstream-patch-384015-add_headers + * remove 80_disable_rsa_export + * remove 80_upstream_408174_4-64-PH18 + * EDITME patch changes to allow for 4.67 + * enable dovecot authentication + * Upstream patch from Magnus Holmgren included upstream. + Thanks to Simon Walter. Closes: #407957 + * Upstream patch PH/18 included upstream. + Thanks to Marc Schiffbauer. Closes: #408174 + * merge experimental changes + * exim man page patch changes for 4.67 + * robustness patches for + * create-custom-package + * exim-gencert + * exim4-base.config + * exim4-base.postinst + * exim4-config.config + * exim4-config.postinst + * exim4-daemon-light.postinst + * update-exim4defaults + * replace backticks with $() notation + * Add patch to 50_localscan_dlopen to reduce dynamic symbol table. + Thanks to Magnus Holmgren. Closes: #413602 + * remove woody compatibility hacks from + * exim4-daemon-light.postinst + * exim4-config.postinst + * Fix eximnext => exinext in man page. + * README.Debian: + * add warning to "IP addresses for incoming connections" section. + * add new chapter about how to influence exim's behavior. + * add missing closing bracket. Thanks to Martin Schwarz. Closes: #419700 + * update-exim4.conf(8): + * clarify update-exim4.conf about how ue4cc and exim configuration + interface + * remote_smtp_smarthost transport: make hosts_try_auth host list + semicolon-separated to correctly handle IPv6 + * multiple minor changes to lintian overrides + * debian/control: have exim4 depend on debconf (>= 1.4.69) | cdebconf + (>= 0.39) explicitly to allow usage of debconf error template type. + + [ Christian Perrier ] + * Esperanto debconf translation update (Serge Leblanc). Closes: #415590 + * Marathi debconf translation added (Priti Pathil). Closes: #416801 + + -- Marc Haber Sat, 21 Apr 2007 11:48:48 +0200 + +exim4 (4.63-17) unstable; urgency=low + + * 30_exim4-config_examples: add missing backslash in non-TLS client + login authenticator. Thanks to Kai Weber. Closes: #407567 + + -- Marc Haber Sat, 20 Jan 2007 10:38:16 +0100 + +exim4 (4.63-16) unstable; urgency=low + + * Add ta (Tamil) translation of Tirumurti Vasudevan + Closes: #406974 + * exim4_refresh_gnutls-params: allow EXIM4_SPOOLDIR to be overridden from + the environment. Closes: #406989 + * Re-work client authenticators to handle passwords containing + colons and circumflexes. Thanks to Steaphan Greene. Closes: #406686 + * transport/30_exim4-config_remote_smtp_smarthost: feed + hosts_try_auth from $host and $host_address, avoiding issues with + round-robin DNS setup. + Thanks to Celejar and Heiko Schlittermann. Closes: #403583 + + -- Marc Haber Thu, 18 Jan 2007 21:10:34 +0100 + +exim4 (4.63-15) unstable; urgency=low + + * keep config.h from being installed in exim4-base. + Thanks to Aaron M. Ucko. Closes: #405824 + + -- Marc Haber Sat, 6 Jan 2007 22:12:05 +0100 + +exim4 (4.63-14) unstable; urgency=low + + * patch LOCAL_SCAN_ABI_VERSION to 1.1 in 50_localscan_dlopen after + consulting with Magnus Holmgren. + * Fix update-exim4.conf.8 manpage + * FILES section is no longer doubled + * NAME is no longer multi-line + * proper reference to ue4cc in FILES section + * Thanks to Angus Mackenzie + * debian/rules + * allow buildbasepackages and extradaemonpackages to be set from + the environment + * fix buildbasepackages=no and extradaemonpackages which were + broken due to the new -dev binary package + * remove "" in various places, this is Make not shell + * add optional debugging output for variables that are meant to be set + externally + * clean now unpatches first, otherwise clean fails because files + are first deleted and then non-existing files are unpatched + * take config.h from first non-light daemon package built instead + of -heavy (we might not be building -heavy but still need -dev) + * Thanks to Gerfried Fuchs for actually using these features and + finding this bug group. + * exim4.init: Now returns 0 when starting and daemon already + running, and when stopping and daemon already stopped. This fixes LSB + compliance. Thanks to Heiko Schlittermann. Closes: #404182 + + -- Marc Haber Fri, 5 Jan 2007 16:34:58 +0100 + +exim4 (4.63-13) unstable; urgency=low + + * Fix mangled sense in /etc/aliases exim4-config_files(5) man page. + Thanks to Angus Mackenzie. + * [update-exim4.conf.8] exim4-config_files manpage is in section 5 instead + of 8. Thanks to Angus Mackenzie. Closes: #404494 (am) + * Clarify /etc/exim4/passwd.client host name lookup to go after the + reverse DNS entry in exim4-config_files(5) man page. + * Update uk (Ukrainian) translation of debconf templates. + Thanks to Eugeniy Meshcheryakov and Yanovych Borys. Closes: #404481 + * Update sl (Slovenian) translation of debconf templates. + Thanks to Matej Kovacic. Closes: #404481 + * merge in experimental changes: + * create exim4-dev package for sa-exim and other packages. Closes: #401462 + * fix broken usage of DPATCH_WORKDIR (dpatch-edit-patch didn't + work with tarballed upstream) + * don't use DPATCH_WORKDIR any more + * modify patches to apply to build-tree + * remove leftover debugging output from debian/patches/00_unpack.dpatch + + -- Marc Haber Tue, 2 Jan 2007 14:43:59 +0100 + +exim4 (4.63-12) unstable; urgency=low + + * exim4-base.postinst: Redirect command -v's stdout to /dev/null + * update-exim4.conf: add lots of quoting to increase robustness. + Thanks to Paul Slootman. Closes: #403605 + * Debconf templates translation updates and new translations: + - Esperanto + - Norwegian Nynorsk (Håvard Korsvoll). + - Punjabi (A.S. Alam). + - Malayalam (Praveen A). Closes: #402541 + - Italian (typos corrected by Davide Viti). Closes: #403199 + - see Last-Translator for rewards) + + -- Marc Haber Wed, 20 Dec 2006 14:23:57 +0100 + +exim4 (4.63-11) unstable; urgency=low + + * Remove patch to spec.txt for pkg-exim4-users, it is included + upstream. No idea why this patch even applied correctly. + * README.Debian: + * Fix wrong pidfile name + * Move FAQ to the Wiki + * Adapt "Using completely different configuration scheme" to also + mention /etc/exim4/exim4.conf. + * Move titles in the same line as the section statement, making it + easier to work with a code folding editor. + * exim4_files(5): fix recommended permissions for passwd[.client]. + Thanks to Georg Neis. Closes: #398365 + * Remove temporary gnutls parameters file if neither certtool nor + openssl are installed. Closes: #399023 + * Fix path to gnutls-params file in exim4-base.postinst. + Thanks to J.L. Fernandez. Closes: #400794 + * Translation updates (see Last-Translator for rewards). + - Punjabi (not yet complete) + - Hebrew (not yet complete) + - Portuguese. Closes: #399242 + * merge changes from experimental: + * enable sqlite for exim4-daemon-heavy. + Thanks to Adrian Phillips. Closes: #398718 + * Add Build-Dependency on libsqlite3-dev. + Thanks to Frank Lichtenheld. Closes: #398880 + * Build-Depends + * add po-debconf + * add bzip2 + * debian/rules: + * run debconf-updatepo in clean targets + * adapt build system to allow direct building from an upstream tarball + * needs tardy at build time on sarge, but not on newer distributions + * use dpatch-run for patches instead of locally programmed handling + * add lintian overrides: + * partially-translated-question exim4/dc_eximconfig_configtype for + cy, eo, et, he, mk, nn, pa, pl, sl, tl, uk - translators, move! + * possible-debconf-note-abuse config:15 */drec + * remove gratuitous exim4-daemon-heavy.postinst + (it is symlinked at build time) + + -- Marc Haber Fri, 1 Dec 2006 11:16:34 +0000 + +exim4 (4.63-10) unstable; urgency=low + + * The "praise Osamu Aoki" release. + * Translation updates (see Last-Translator for rewards). + - Dutch. Closes: #396725 + * README.Debian: + * Add information about how to obtain reportbug information for + mailing list questions. + * Point people directly to passwd.client man page instead of the + file itself. Thanks to Osamu Aoki. + * Re-work the /etc/aliases section. + * Improve smarthost description in update-exim4.conf(8) man page. + Give examples. Thanks to Osamu Aoki. + * include documentation for /etc/aliases in exim4-config_files(5) + man page. Symlink to etc-aliases(5). + Thanks to Osamu Aoki. Closes: #397042 + * Change symlink of exim4-config_files(5) to email-addresses(5) to + point to etc-email-addresses(5) for consistency. + * Use nwildlsearch to index into passwd.client to allow wildcards + here. Thanks to Osamu Aoki. This is another pain relief for #244724. + * use printf instead of echo in daily cron job. + Thanks to Ming Hua. Closes: #395448 + * Add de-uglyfication request to man pages. + + -- Marc Haber Sun, 5 Nov 2006 10:36:28 +0000 + +exim4 (4.63-9) unstable; urgency=low + + * Fix a spelling error in templates: s/adviseable/advisable + Thanks to Jens Seidel for spotting it + * Translation updates (see Last-Translator for rewards). + - Bosnian. Closes: #396592 + - Bulgarian. Closes: #396558 + - Greek. + - Lithuanian. Closes: #396478 + - Norwegian Bokmål. Closes: #391768 + - Wolof. Closes: #395944 + * Have ue4c barf on more lookup types found in more ue4cc fields, + courtesy to regexp from hell. + + -- Marc Haber Thu, 2 Nov 2006 18:07:24 +0000 + +exim4 (4.63-8) unstable; urgency=low + + * Translation updates (see Last-Translator for rewards). + - Albanian. Closes: #394725 + - Arabic + - Basque + - Catalan + - Chinese (Simplified) + - Chinese (Traditional) + - Croatian + - Czech + - Dzongkha + - Finnish. Closes: #393644 + - German + - Italian. + - Korean. Closes: #394235 + - Nepali + - Norwegian Bokmal. Closes: #394270 + - Portuguese + - Romanian + - Russian. + - Slovak + - Turkish + * README.Debian + * remove wiki references from README.Debian + * remove dc_local_delivery FAQ entry since this is now debconfized + * Fix typos, replace "documented below" with a direct link. + Thanks to Olaf van der Spek. Closes: #394617 + * exim4-config.templates + * Fixed typo: s/arbitrary/arbitrarily + * Extra space removed at the end of a line. Closes: #394569 + * Change references to inexistent README.Debian.html and README.Debian, + both replaced by README.Debian.gz. Thanks to Eric Schanze for spotting + this. + * Various English use changes suggested by Jens Seidel. Closes: #394651 + * update-exim4.conf: Fix wrong behavior if a debconf list answer already + starts with "<". Thanks to Vineet Kumar. Closes: #393843 + * conf.d/main/02_exim4-config_options: Use upstream's wording for + rfc1413 configuration, fix wrongly commented timeout value. + Thanks to Andre Bischoff on IRC. + * conf.d/transports/35_exim4-config_address_directory: Add + delivery_date_add, streamline other options' syntax. + Thanks to Dominic Hargreaves. Closes: #393930 + * Remove commented out inetd entries from maintainer scripts, we are + not going to support inetd again. + * Zap gnutls-params in postinst if old binary format is detected. + Exim cannot read that file any more since RSA_EXPORT has been removed. + Always kill the file if file(1) is not present, recommend file(1). + Thanks to John Goerzen. Closes: #394598 + + -- Marc Haber Mon, 23 Oct 2006 20:49:46 +0200 + +exim4 (4.63-7) unstable; urgency=low + + * Translation updates (see Last-Translator for rewards). Closes: #391768 + - Brazilian Portuguese + - Danish. Closes: #392548 + - Galician + - Hungarian + - Indonesian + - Japanese + - Spanish + - Thai + * Do not ask for local delivery method if custom entry (i.e. neither + maildir_home nor mail_spool) has bin set in update-exim4.conf and continue + to use this custom setting instead of overwriting it with mail_spool. (am) + Closes: #392993 + * Special-case "dsearch;" constructs in dc_other_hostnames, no + longer supported. Adapt documentation accordingly. + * Adapt docs and man pages so that they do not longer suggest that + answers to debconf questions might use all exim + host/address/domain list features. + * fix ue4c to handle more than one smarthost correctly. + * Handle spaces, commas and semicolons as separator in root alias + handling. + * Wolof translation contained a comma in the translation of a element of the + Choices list for the dc_eximconfig_configtype question, replace it with a + semicolon. (am) + + -- Marc Haber Sat, 14 Oct 2006 23:45:17 +0000 + +exim4 (4.63-6) unstable; urgency=low + + * s/ipv6/IPv6 in templates (general writing consistency) + * Translation updates (see Last-Translator for rewards) + - Arabic (partial) + - Basque (partial) + - Croatian (partial) + - Greek (partial) + - Khmer + - Spanish (partial) + - Swedish + - Vietnamese. Closes: #392772 + * README.Debian: + * Fine tuning of SMTP AUTH and TLS docs after user feedback + received over $BEVERAGE irl. + * Adapt configuration chapter to re-worded templates. + * Fix exim4_files man page names to not pollute name space. + * Clarify exim4-config_files man page to reflect that the host name + given there does not actually influence the routing decision. + Thanks to Sven Luther. + * Fix list separator handling for dc_other_hostnames in ue4c. + Thanks to Alexandre Fayolle. Closes: #392831 + + -- Marc Haber Sat, 14 Oct 2006 07:40:05 +0000 + +exim4 (4.63-5) unstable; urgency=low + + * define MAIN_LOG_SELECTOR conditionally. + Thanks to Aaron M. Ucko. Closes: #390758 + * Fix typos in man pages. Thanks to A. Costa. + Closes: #390705, #390706, #390707 + * Address #373786: + * cron.daily: Try UID change with start-stop-daemon, and fall + back to su if that fails. This should enhance compatibility + with libpam-tmpdir. + * exim4_refresh_gnutls-params: don't drop privileges any more, + generate gnutls-params as root and chown them later. + * Thanks to Piotr Kaczuba and Tollef Fog Heen. Closes: #373786 + * Add debugging facility to exim4_refresh_gnutls-params + * Debconf-Rework + * update-exim4.conf: expand UE4CC_semicolon list to allow + semicolons in all debconf questions as list separators for consistency. + * Do template changes suggested by Christian Perrier. Closes: #260141 + * new mail name template thanks to Jari Aalto. Closes: #275953 + * relay templates changes thanks to Ross Boylan. Closes: #342061 + * remove conftype exim3manual. Closes: #355265 + * use semicolon as list separator in debconf templates. ue4.conf + handles both semicolons and colons since #360162. Thanks to Adam + Borowski. Closes: #365428 + * Make existing templates style-compatible regarding developer's + reference. + * Lower priorities so that the Installer can do its work without + exim4 asking questions. Closes: #379485 + * Modify templates saying that smarthost::port is a valid + notation. Modify transport/30_exim4-config_remote_smtp_smarthost to + take only the first part of DCsmarthost (up to first colon) as host + name for hosts_try_auth. This allows debconf configuration of a + different port to connect to the smarthost. Closes: #251949 + * Add debconf template to packages telling people to dpkg-reconfigure + exim4-config. + * Allow choosing between delivery to /var/mail or ~/Maildir with debconf. + (am) Closes: #250980, #274560, #289959 + * Translation updates (see Last-Translator for rewards) + - Brazilian Portuguese + - Danish + - Galician + - Slovak + - Thai + - Turkish + - Romanian + - Japanese + - French + * Patch by Florian Weimer which disables RSA_EXPORT support which + should eliminate the "exim blocking on entropy starvation" issue. + * update-exim4.conf: Take only the first word from /etc/mailname as + system mail name. Thanks to Mike Mestnik. Closes: #215319. + * init script: log_failure_message alert if non-zero paniclog is + found. Thanks to Andreas Barth. + * README.Debian: document cron job, including paniclog monitoring. + Thanks to Stephen Gran. + + -- Marc Haber Tue, 10 Oct 2006 16:50:27 +0000 + +exim4 (4.63-4) unstable; urgency=low + + * Make update-exim4.conf man page also update-exim4.conf.conf man page. + * Fix SPF error message when $sender_address_domain is undefined (i.e. sender + is <>). (rm) + * Change debian/rules documentation for daemon-custom build. + Thanks to Guido Hennecke. Closes: #386135 + * Rotate paniclog by size, not daily, to avoid rotating away + messages after complaining from the daily cron job. + Thanks to Dirk Meyer. + * Update Slovak translation. + Thanks to Peter Mann. + * Add Wolof translation. + Thanks to M Mamoune Mbacke + * Add a paragraph explaning the gnutls-bin suggestion to ease DH + parameter generation in case of entropy starvation. + Thanks to Andi Barth and Florian Weimer. + * Since a new version of sysvinit upload will move /var/run/ to a tmpfs + directories under /var/run/ and their permissions are not persistent + anymore but will be lost after a reboot. - Re-generate /var/run/exim4 in + the init script to compensate for this. (am) (closes: #387699) + * update-exim4.conf: Exit with an error if dc_use_split_config is neither + true nor false instead of replacing the configuration with an empty one. + (am) Closes: #386554 + * More intelligence for exim4_refresh_gnutls-params: + * If certtool (from gnutls-bin) is unavailable but openssl is installed + use openssl to re-generate DH params. (am) + * Change exim4-base Suggests on gnutls-bin to gnutls-bin|openssl. (am) + * Move invocation and background mechanism to exim4_refresh_gnutls-params. + Script can now be called any time from the command line or any + other script. + * Only regenerate dh params if tls_advertise_hosts is non empty. + According to Florian Weimer, DH params are only needed for + incoming TLS connections. + * Thanks, Yuri D'Elia. This addresses #387448 + * Improve entropy and gnutls-params docs. + * cron-daily: + * Invoke exim4_refresh_gnutls-params unconditionally. + * Send out e-mail alert if gnutls-params is older than 14 days. + * rename config varables to E4BCD_, source /etc/default/exim4 + * introduce a E4BCD_PANICLOG_NOISE variable containing a regexp. + Paniclog is negatively filtered against that regexp and paniclog + warning is only sent out if unfiltered lines remain. This is to allow + work around http://www.exim.org/bugzilla/show_bug.cgi?id=92 + * Prepare hosts_avoid_tls statement on SMTP transports + * Macroize log_selector, remove +tls_cipher from examples (it is on + by default) and always set tls_peerdn (we use TLS by default for + outgoing connections). Make it easier to enable debug logging. + * Mention in the comments of the default RCPT ACL that verification + is likely to have false negatives in smarthost/satellite setups. This + is the easiest way to fix #388460; the "real" fix would be very very + complicated and thus unsuitable for the default configuration. + Closes: #388460 + * README.Debian: + * Re-Work "misc" section to contain subsection. Fix minor + formatting issues. + * Add a section about SELinux to the misc subsection saying that + we currently do not have an SELinux policy but would appreciate + people helping here. This is already bug #387327 and #390179. + + -- Marc Haber Sun, 1 Oct 2006 14:37:53 +0000 + +exim4 (4.63-3) unstable; urgency=low + + * Have exim4-config conflict with exim4-daemon-* << 4.63. + Thanks to Yannick Roehlly. Closes: #383420, #384058 + * Tweak NEWS.Debian formatting. Remove asterisks and make sure that + contents lines start with four spaces. + * exim4-config.NEWS: A pair of minor fixes in SPF entry. (rm) Closes: #383708 + * Apply upstream fix allowing header names with an odd number of + characters in add_headers in filters. + Thanks to Tony Finch. Closes: #384015 + * Add documentation for inaccessible home directories. + Thanks to Juha Jäykkä. Closes: #383469 + + -- Marc Haber Wed, 23 Aug 2006 17:16:38 +0000 + +exim4 (4.63-2) unstable; urgency=low + + * upload to unstable + + -- Marc Haber Tue, 15 Aug 2006 20:35:55 +0000 + +exim4 (4.63-1) experimental; urgency=low + + * New upstream version 4.63 + + Change PostgreSQL charset handling. Closes: #369351 + + Recognize SMTP codes at the start of "message" in ACLs and after + :fail: and :defer: in a redirect router. Add forbid_smtp_code to + suppress the latter. forbid_smtp_code is enabled in Debian's + default config. Closes: #378131 + * Adapt configuration to current upstream + + re-work RCPT ACL. Closes: #379155 + + add new comments to default authenticators + + use $auth[123] instead of $[123] which are now deprecated + + forbid_smtp_code on userforward router + * Add missing dependency on lsb-base (>= 3.0-3), needed for the new + init-script shipped in exim4-base. (am) + + -- Marc Haber Tue, 1 Aug 2006 10:47:44 +0000 + +exim4 (4.62-5) unstable; urgency=low + + * Fix typo in exim4-base daily cron job. + Thanks to Salvatore Bonaccorso. Closes: #381048 + * Fix language issues in package descriptions + + -- Marc Haber Tue, 8 Aug 2006 15:02:14 +0200 + +exim4 (4.62-4) unstable; urgency=low + + * Add missing dependency on lsb-base (>= 3.0-3), needed for the new + init-script shipped in exim4-base. (am) + + -- Marc Haber Tue, 1 Aug 2006 11:03:57 +0000 + +exim4 (4.62-3) unstable; urgency=low + + * remove pkg-exim4-user mail address from README.Debian, mention + that one needs to be subscribed to post. + Thanks to Ross Boylan. Closes: #368242 + * re-word -o description in update-exim4.conf(8) man page. + Thanks to Ross Boylan. + * Flag update-exim4.conf(8) man page for a re-work in its BUGS + section. + * Give a - hopefully - better explanation of the mail name thingy in + README.Debian. + * Fix occurrences of default_acl file in documentation. Make part of + README.Debian less confusing. + Thanks to Ross Boylan. Closes: #376459 + * When installing via apt using dpkg-preconfigure the value of + dc_hide_mailname was overwritten during the second run of the debconf + script (invoked by postinst), before the value was stored in the + configuration file. Fix this. (am) Closes: #376460 + * Make spamassassin example in 40_exim4_config_check_data actually + work, add link to documentation for "really suiteable" configuration + examples. Thanks, again, to Ross Boylan. + * remove left-over "and a bunch" sentence from exim4-config_files.5 + * Add a symlink from /etc/email-addresses to /etc/exim4/email-addresses + * Fix bad parsing of CHECK_RCPT_DOMAIN_DNSBLS. + Thanks to Robert Millan. Closes: #378581 + * Note in README.Debian that other parts of the Debian system might + give outdated and/or wrong advice. See #378684, #378685. + * SPF support: (rm) Closes: #290464 + * Add (disabled) template to check SPF in 30_exim4-config_check_rcpt. + * Add libmail-spf-query-perl (>= 1.999-1) to Suggests. + * Rewrite Q/A about SPF from README.Debian. + * Add a small note to exim4-config.NEWS. + * Add conf.d/acl/30_exim4-config_check_mail to reject mail without HELO/EHLO. + (rm) Closes: #378935 + * Add LSBized init script. Thanks to Carlos Villegas. Closes: #376953 + * re-order RCPT ACL statements to resemble Upstreams default config + a little more. This used to be the case in the beginning, but was + changed eventually, and I didn't find any rationale for our deviation. + Thus, we change back to upstream's default to see which things might + break. + * remove cron.d from exim4-base dirs - we do not have a cron.d job + any more for years. + * Re-work daily cron job: + * Make statistics configurable with a variable + * Comment that the log handling code is fragile and depending on + log rotation strategy + * Add code to generate warnings if paniclog non-empty. + Thanks to Andrew Ferrier. Closes: #379898 + * Build -dbg packages. + * Updated vi (vietnamese) translation. + Thanks to Clytie Siddall. (am) Closes: #380357 + + -- Marc Haber Mon, 31 Jul 2006 06:10:51 +0000 + +exim4 (4.62-2) unstable; urgency=low + + * Move explanation about using ";" as separator in lists from debian/NEWS to + debian/exim4-config.NEWS. (The former ends up as + /usr/share/doc/eximon4/NEWS.Debian.gz.) Also fix version-number of + entry. (am) + * have ue4.conf --verbose print split or non-split config. + Thanks to Florian Laws. (mh) + * Mention http://pkg-exim4.alioth.debian.org/ in package description. + Thanks to Florian Laws. (mh) + * Mention in package description that README.Debian has information + about how to configure the Debian packages. + * /etc/init.d/exim4: parse extended inetd.conf syntax from + openbsd-inetd. (mh) Closes: #365928 + * New th (thai) translation. + Thanks to Theppitak Karoonboonyanan. (mh) Closes: #367351 + * New dz (Dzongkha) translation. + Thanks to Pema Geyleg. (am) Closes: #368593 + * New ne (Nepali) translation. + Thanks to Paras pradhan. (am) Closes: #369526 + * New eo (Esperanto) translation. + Thanks to Serge Leblanc. (am) Closes: #369241 + * Updated hu (hungarian) translation. + Thanks to Attila Szervac. (am) Closes: #374616 + * Make documentation of CHECK_RCPT_LOCAL_LOCALPARTS and + CHECK_RCPT_REMOTE_LOCALPARTS more verbose and concentrate it in the + ACL file. Thanks to Klaus Muth. (mh) Closes: #366491 + * README.Debian.xml (mh) + * Add new section documenting where to find documentation. + * Move misplaced sentence. + * Fix spelling errors in README.Debian. + Thanks to Salvatore Bonaccorso. Closes: #366003 + Thanks to Ross Boylan. Closes: #374216 + * remove "you can stop reading now" sentence. + Thanks to David Lawyer. Closes: #370790 + * Mention Debian-specific man pages + * Give instructions about how to use apropos to find out about man + pages. + * Documentation changes inspired by Ross Boylan. Closes: #369126 + * Add exim4-config_files(5) man page to aid as repository for file + explanations. + * /etc/email-addresses + * /etc/exim4/local_host_blacklist + * /etc/exim4/local_host_whitelist + * /etc/exim4/local_sender_blacklist + * /etc/exim4/local_sender_whitelist + * /etc/exim4/local_sender_callout + * /etc/exim4/local_rcpt_callout + * /etc/exim4/local_domain_dnsbl_whitelist + * /etc/exim4/hubbed_hosts + * /etc/exim4/passwd + * /etc/exim4/passwd.client + * /etc/exim4/exim.crt + * /etc/exim4/exim.key + If you find any files that might be missing in the man page, + please report a bug. + * mention exim4-config_files(5) in update-exim4.conf.8 + * Explicitly mention README.Debian in exim man page. + * Remove /usr/share/doc/exim4-config/default_acl, move contents to + README.Debian and exim4-config_files. + * remove empty /usr/share/doc/exim4-config/examples. + * clarify docs in RCPT ACL. + * streamline docs: + * hubbed_hosts router. + * passwd.client. + * server side authentication examples + * Standard-Version: 3.7.2, no changes necessary. + + -- Marc Haber Sat, 24 Jun 2006 08:56:19 +0000 + +exim4 (4.62-1) unstable; urgency=low + + * New upstream version + * remove !acl patch, bug is fixed upstream + * Some minor changes to README.Debian + * Downgrade priority of exim4/dc_eximconfig_configtype, exim4/no_config and + exim4/exim3_upgrade from critical to high, as there is a sane default. + Closes: #342077 + * Allow single quotes in recipient mail addresses. Closes: #346222 + * Update debian/mtalist to conflict with hula-mta. (mh) + * Move back man-pages (actually they are symlinks) related to the + mail-transport-agent virtual package from exim4-base to the daemon + packages. Other MTA packages also include these manpages and would + otherwise need to explicitly conflict with exim4-base. Add "Replaces: + exim4-base (<= 4.61-1)" to the daemon packages. Thanks to Justin Pryzby. + Closes: #362852 (am) + * Update km (Khmer) translation. + Thanks to Khoem Sokhem. (mh) Closes: #363672, #363671 + * Update pa (Punjabi) translation. + Thanks to A S Alam. (am) Closes: #364268 + * replace backticks with $() construct in ue4.conf. (mh) + * Allow ";" as separator in dc_local_interfaces and dc_relay_nets. + If a semicolon is found, "<;" is prepended to allow a semicolon as + separator. Thanks to Adam Borowski. (mh) Closes: #360162 + * Link against libdb4.3 instead of 4.2. (am). Closes: #365467 + * Standards-Version: 3.7.0, no changes required. (am) + * README.Debian: Add link to "how to use a completely different + configuration scheme" to the beginning of the chapter about Debian's + configuration to provide an easy way out for experienced exim people. + (mh) + * Fix grammar error in README.Debian. (Thanks, Ross Boylan) Closes: #365546 + * Whennever changing major Berkeley DB versions we zap the exim hint + databases in exim4-base postinst. Change the code to also delete + __db.retry, __db.misc, __db.callout and __db.wait* (which afaik are + Berkeley DB internal files). If these are somehow broken strange errors + occur, e.g. #360696. As we are deleting the whole db, deleting these files + seems to be a good idea. (am) + + -- Marc Haber Tue, 2 May 2006 11:47:58 +0000 + +exim4 (4.61-1) unstable; urgency=low + + * New upstream version + - Temporary files for content scanning subdirectory are now also mode 640 + instead of 666. Closes: #280282 + - If group was specified without a user on a router, and no group + or user was specified on a transport, the group from the router + was ignored. Closes: #343074 + - .include statements now require an absolute path. Closes: #268083 + * Apply upstream patch allowing !acl constructs + (http://www.exim.org/mail-archives/exim-cvs/2006-April/msg00008.html) + * Rename the Punjabi translation file name from pa_IN to pa + to fit a decision taken in -i18n + * README.Debian: + * mention that relay_nets does allow relaying without authentication. + * minor formatting fixes + * Add Khmer debconf translation (Thanks, Kakada Hok) (bubulle) + Closes: #359668 + * Add linda overrides for libs-not-in-depends (see #357727) + + -- Marc Haber Tue, 4 Apr 2006 19:50:39 +0000 + +exim4 (4.60-5) unstable; urgency=low + + * re-introduce inst_aliases, patch src/install_exim to prevent path + to inst_aliases to be put into example config file. (mh) + * Fix typo in README.Debian.xml, thanks to Frank S. Thomas. (mh) + * Fix Copy&Waste error in README.Debian.xml. + Thanks to Olaf van der Spek. (mh) Closes: #356354 + * Added partial Punjabi debconf translation, + thanks to Amanpreet Singh Alam. (cp) Closes: #349644 + * Fix wrong example in conf.d/acl/20_exim4-config_whitelist_local_deny. + Thanks to Kaare Hviid for pointing this out on IRC. (mh) + * Add documentation about Debconf templates to README.Debian to make + yath happy. (mh) + * exim4-refresh_gnutls-params: Use prefix for tempfile to make it + easier recognizeable. (mh) + + -- Marc Haber Mon, 13 Mar 2006 15:30:07 +0000 + +exim4 (4.60-4) unstable; urgency=low + + * add rationale to README.Debian explaining why using system + passwords for SMTP AUTH is a bad idea. + * streamline configuration to decrease differences to upstream default + example, and to adopt new things that were added since we last + looked there. + * Do not set inst_aliases for installation, this only affects + example.conf anyway. + * fail build if upstream's example configuration has changed. + * fix NEWS confusion. Thanks to Andreas for spotting this. + * exim4-base.exim4.init: invoke exim4 daemon with the environment + cleaned to avoid language confusion. + * document tls on connect in README.Debian. + * use adduser --quiet instead of > /dev/null in *.postinst. + * Add require_files directive to userforward router to avoid errors + when mailing uucp@hostname. + * Add comment about setting up TLS in conf.d/auth/30_exim4-config_examples + to keep people from blindly allowing cleartext auth. + * Replace 37_dns_disable_additional_section patch with + 37_upstream_patch_342619, which is the nearly identical patch from + upstream CVS, approved by Philip. (mh) Closes: #342619 + + -- Marc Haber Wed, 22 Feb 2006 10:30:16 +0000 + +exim4 (4.60-3) unstable; urgency=low + + * Have exim4-base replace exim4-daemon-light and -heavy. This is a + needed corollary to the movement of the man pages to -base. Let's + hope that this change doesn't introduce too much breakage. Thanks + to Hamish Moffatt for making me take a closer look at policy. + (mh) Closes: #347908, #348067 + * Introduce Makefile variable to build with OpenSSL instead of + GnuTLS. This is a last minute maneuver to help sites suffering from + the GnuTLS entropy issue (#338319, #343085) whose only other chance is + disabling TLS completely. Please note that building exim4-daemon-heavy + with OpenSSL is a GPL violation since OpenSSL's license clashes with + the MySQL client library, which is GPL licensed without OpenSSL + exception. (mh) + * re-pack configuration diffs. (mh) Closes: #331698 + * Fix wrong variable substitution in lt (Lithuanian) debconf + translation. Thanks to Davide Viti and Gintautas Miliauskas. (mh) + Closes: #342242 + * Fix typo in exim.8 man page. Thanks to A Costa. (mh) Closes: #338579 + * Honor dpkg-statoverride entries for run-time data in /var. + Thanks to Peter Mottram. (mh) Closes: #269448 + + -- Marc Haber Sun, 15 Jan 2006 00:23:47 +0000 + +exim4 (4.60-2) unstable; urgency=low + + * Add, but not enable, 37_dns_disable_additional_section.dpatch, + which might be a possible fix for #342619 + * conf.d/auth/30_exim4-config_examples: add hint to adapt public_name + string in support_broken_outlook_express_4_server authenticator if + other authencators than LOGIN and PLAIN are offered. + * Fix missing special characters in some debconf translations. + Thanks to Davide Viti. (mh) Closes: #341442 + * Fix broken README reference in system_aliases router docs. (mh) + * remove references to alias files from the address_pipe transport. (mh) + * remove "Some-State" default from exim-gencert. (mh) + * Clarify split vs unsplit config in README.Debian. Thanks to Faheem + Mitha and Ross Boylan for helping. (mh) + * Update Build-Depends to libmysqlclient15-dev. (mh) Closes: #343767 + * Fix wrong header in conf.d/routers/300_exim4-config_real_local. + Thanks to Ross Boylan for spotting this. (mh) + * Document headers_rewrite, return_path and dc_mailname_in_oh in + update-exim4.conf man page. (mh) Closes: #332520, #342233 + * Re-Instate debian/patches/31_eximmanpage which was erroneously + removed in 4.60-1, we have local Debian patches in here. Thanks to + Ross Boylan for spotting this. (mh) Closes: #330967 + * Mention relay permission from localhost in update-exim4.conf(8). (mh) + * Add more prose to relay control configuration. (mh) + * Update Greek debconf translation (Thanks, Kostas Papadimas) (am) + Closes: #344576 + * Add cross-reference to README.Debian to better find macro docs. + Thanks to Shyamal Prasad. (mh) Closes: #329988 + * Fix incorrect variable substitution in pt_BR debconf translation. (Thanks, + Felipe Augusto van de Wiel) (am) Closes: #345363 + * [exim4-config.templates, po/*po] Replace reference to README.SMTP-AUTH + with one to its replacement README.Debian.html. (am) Closes: #344826 + * Re-work long package descriptions. Move reference to README.Debian in + front, add hint to dpkg-reconfigure exim4-config, complete stub + sentences, remove non-referenced acronym MTA from the long + descriptions, move explanation what exim is to the very front. + * README.Debian: Add section about changing the configuration, + explain structure of conf.d and .conf.template, add hint that the SMTP + AUTH examples are documented. + * Introduce MAIN_TLS_CERTKEY to allow for single-file certificate/key + storage. Thanks to John Goerzen. (mh) Closes: #315126 + * Mention entropy issue in README.Debian. + * Ship symlink to /usr/sbin/exim, see NEWS.Debian. (mh) Closes: 319316 + * use dh_installinit -n instead of --noscripts to work around #347577. (mh) + * use dh_installinit --name instead of --init-script, rename init + script. (mh) + * move man pages from daemon packages to exim4-base, add lintian + and linda overrides to allow daemon packages not to contain man pages. + + -- Marc Haber Thu, 12 Jan 2006 12:36:50 +0000 + +exim4 (4.60-1) unstable; urgency=low + + * new upstream version 4.60 + * assign value to UE4CC after command line processing. Only have + ue4c throw an error on not-existing UPEX4C_confd if split config is + seleted. Thanks to Ted Percival. (mh) Closes: #337229 + * A number of man page fixes. Thanks to A Costa. (mh) + Closes: #338580, #338581, #338582, #338583, #338584 + * Pull spool dir path from exim -bP instead of hard-coding it in + daily cron job and exim4_refresh_gnutls-params. + Thanks to Alex Hermann. (mh) Closes: 340002 + * Corrected zh_CN translation by Ming Hua. (am) Closes: #338928 + * Corrected pl translation by Jacek Politowski. (am) Closes: #339671 + * Change README.Debian to clarify the exim as a client only uses + STARTTLS and not TLS on connect. Thanks to Rob Brenart and Marc + Sherman for pointing that out on exim-users. + * Clarify passwd.client format. Thanks to Osamu Aoki for providing a + good starting point in #244724, which is unfortunately not fixed just + now. + * remove patch 31_eximmanpage, fixes are included upstream. + + -- Marc Haber Mon, 28 Nov 2005 18:16:12 +0000 + +exim4 (4.54-2) unstable; urgency=low + + * debian/README.Debian* merged into one xml-file. Binary packages ship both + a html (generated by xsltproc) and plain-text version (lynx + + post processing) of the file. (Hilko Bengen) + * Switch to libmysqlclient14. + * Fix two typos in French debconf templates. + Thanks to Christian Perrier. (mh) + * Replace broken courier auth example with one that actually denies + access if a wrong password is given. Thanks to Peter Thomassen for + carrying that report from some colorful web forum to the people who + can fix it after like four months. (mh) Closes: #336979 + * Fix minor typos in README.Debian.xml and changelog. (mh) + * Add 255.255.255.255 to ignore_target_hosts in dnslookup. (mh) + + -- Marc Haber Wed, 2 Nov 2005 19:40:22 +0000 + +exim4 (4.54-1) unstable; urgency=low + + * new upstream version 4.54. (mh) + * fix typo in router/real_local header + * add same_domain_copy_routing to router/hubbed_hosts + * [update-exim4.conf.8] false friend: s/sensible/sensitive/. + Thanks to Ross Boylan. (am) Closes: #330975 + * modify broken outlook express 4 authenticator so that it only + advertises on encrypted connections, as the other plaintext + authenticators do. Thanks again, Fred Viles. (mh) + * update-exim4.conf.8: alphabetically sort REPLACEMENT PATTERNS and + CONFIGURATION VARIABLES sections, add documentation for + DEBCONFlocal_domainsDEBCONF. + Thanks to Ross Boylan. (mh) Closes: #330980 + * fix bashism == in init script. Thanks to Adam D. Barratt and + Justin Pryzby. (mh) Closes: #331299 + + -- Marc Haber Tue, 4 Oct 2005 09:59:24 +0000 + +exim4 (4.53-1) unstable; urgency=low + + * new upstream version 4.53. (mh) + * Fix obviously unfinished sentence in update-exim4.conf.8 + documenting dc_local_interfaces. (mh) + * Move SMTP authentication docs to README.Debian. (mh) + * Adapt reportbug script to be useable from the command line as well, + mention this in README.Debian mailing list paragraph. (mh) + * Remove /etc/default/exim4 in exim4-config's postrm instead of exim4-base's + one, as it is created in exim4-config's postinst. (am) Closes: #325901 + * Fix error in README.Debian.xinetd. + Thanks to Diego Biurrun. (mh) Closes: #327847 + * Fix substitute variable in Japanese (ja) debconf translation. + Thanks to Kenshi Muto. (mh) Closes: #329729 + * Add lintian override for maintainer-script-needs-depends-on-netbase. We + don't need that depends since update-inetd.conf is checked for presence + before invocation and that invocation is only optional cleanup. (mh) + * add linda override to kill double shlib warning - libgnutls is + fully versioned and thus is not a problem. (mh) + * add lintian override to kill bashism "local" warning for + exim4-config.config and exim4-config.postinst (see #330548). (mh) + * add general package blurb to description of the exim4 meta package + as well. Thanks to Marc Sherman for pointing this out. (mh) + * remove code to escape dashes in the pod2man generated man pages. + That code makes the man pages syntactically invalid, we'd rather + live with suboptimal rendering (which is a pod2man bug anyway). (mh) + * change spacing for rewrite rules in configuration, man page and + ue4.conf to ease paragraph filling for the man page. (mh) + * re-pack config patches. (mh) + + -- Marc Haber Wed, 28 Sep 2005 18:34:51 +0000 + +exim4 (4.52-2) unstable; urgency=low + + * unpack/pack configs to get clear EDITME patches (mh) + * Update ca (Catalan) translation. + Thanks to Aleix Badia i Bosch. (mh) Closes: #317429 + * Update mk (Macedonian) translation. + Thanks to Georgi Stanojevski. (mh) Closes: #320231 + * Use certtool from gnutls-bin in cron.daily to re-generate gnutls-params + instead of only removing the file and letting exim4 re-generate it at SMTP + time after receiving STARTTLS. The maximum runtime of certtool is limited + to 2*1800 seconds per default by using timeout.pl by Piotr Roszatycki + (checked and beautified by Marc 'HE' Brockschmidt). Add gnutls-bin to + exim4-base' Suggests. (am) Closes: #285371 + * Build-Depend on libgnutls-dev (from gnutls12) instead of libgnutls11. + * Drop compability with debhelper in woody (am): + - mv *.templates.master *.templates + - update po/POTFILES.in accordingly. + - no more manual invocation of po2debconf in debian/rules + - use dh_installppp instead of manual dh_installdirs/dh_install. + Closes: #212893 + - Build-Depends: debhelper (>= 4.1.68) + * drop upgly passwd dependency introduced in 4.30-6. (am) + * shorten Build-Depends by replacing "libxfoo-dev|xlibs-dev' with just + 'libxfoo-dev'. (am) + * Do not try to authenticate to smarthost if smarthost offers AUTH LOGIN but + passwd.client does not contain a matching entry. (am) Closes: #323565 + + -- Andreas Metzler Sun, 21 Aug 2005 11:44:27 +0200 + +exim4 (4.52-1) unstable; urgency=low + + * new upstream version 4.51. (mh) + * adapt 70_remove_exim-users_references + * remove 37_gnutlsparams + * adapt 36_pcre + * adapt 31_eximmanpage + * fix package priorities to have them in sync with override again. (mh) + * Fix error in nb (Norwegian) translation. + Thanks to Helge Hafting. (mh). Closes: #315775 + * Standards-Version: 3.6.2, no changes needed. (mh) + + -- Marc Haber Sat, 2 Jul 2005 06:08:34 +0000 + +exim4 (4.51-2) unstable; urgency=low + + * Fix typo in exiwhat.8. (am) Closes: #313246 + * Clarify tls_verify_certificates documentation in + conf.d/main/03_exim4-config_tlsoptions. Thanks to Wenzhuo Zhang. (mh) + * Accept postmaster liberally for relay_to_domains. Thanks to + Roderick Schertler. (mh) Closes: #313023 + * Improve update-exim4.conf's internal run-parts to warn about ignored files + if running in verbose-mode. (am) Closes: #315656 + * Make it possible to purge a previously uninstalled exim4-suite if debconf + has between removed since. (am) Closes: #315173 + - Stop useless sourcing of confmodule in exim4-config.postrm. + - Use debconf to ask about trashing the mailqueue if debconf is available, + keep the queue otherwise. + * exim failed to setup gnutls parameters if the gnutls-param file was + missing. This caused TLS breakage. (am) Closes: #315650 + + -- Andreas Metzler Tue, 28 Jun 2005 19:35:35 +0200 + +exim4 (4.51-1) unstable; urgency=low + + * new upstream version 4.51. (mh) + * remove 80_upstream_fix-296492 + * remove 81_fix-kfreebsd-gnu + * remove 82_upstream_fix-299733 + * remove 82_upstream_fix_299743 + * remove 83_upstream_fix-strangelog + * build-depends: replace postgresql-dev with libpq-dev. (mh) + * apply patch to EDITME.exim4-heavy.diff from ubuntu for clearer + postgresql build. (mh) + * fix wrong dc_other_hostnames statement in manpage. Thanks to + Daniel Hermann. (mh) Closes: #311023 + * give more directions how to use /etc/exim4/exim4.conf. (mh) + * Fix duplicated server_advertise_condition line in + login_saslauth_server. Thanks to Rich Aycock. (mh) Closes: #311906 + * Conditional restarting the daemon in exim4-config.config now checks for + DEBCONF_RECONFIGURE=1 instead of (mis)using an internal + debconf-template. (am) + * Documentation Improvements for update-exim4.conf.8, exim4.conf.template + and 01_exim4-config_listmacrosdefs and README.Debian. + Thanks to Ross Boylan. (am/mh) + * New translation: et (Estonian) by Siim Põder. (mh) Closes: #312474 + + -- Marc Haber Fri, 10 Jun 2005 18:57:03 +0000 + +exim4 (4.50-8) unstable; urgency=low + + * integrate TLS docs in README.Debian, remove README.TLS. + Thanks to Sam Morris. (mh) Closes: #310771 + + -- Marc Haber Fri, 27 May 2005 07:57:14 +0000 + +exim4 (4.50-7) unstable; urgency=low + + * Documentation Only Fixes + - Fix grammar error in README.system_aliases. Thanks to Andreas + Barth on IRC. (mh) + - Optimize unencrypted authentication docs. Thanks to Drew Parsons. + (mh) Closes: #305443 + - Clarify dc_smarthost host list processing in update-exim4.conf.8. + (mh) Closes: #307370 + - Clarify split-config description in README.Debian. + Thanks to Luc Saffre. (mh) + - Fix a typo in README.Debian-accountname, thanks to Brett Parker. (mh) + - Fix an issue in the exim manpage creating the illusion that + whitespace is allowed between -d and its options. + Thanks to Greg Kochanski. (mh) Closes: #309174 + - Start re-work of README.Debian FAQ. + - Add "should -config depend on -base" question to README.Debian FAQ. + - Link README.Debian to -daemon-light and -daemon-heavy, include a + copy of README.Debian in -config. + Thanks to Daniel Maier. (mh) Closes: #310118 + * Translations + - Update: cy (Welsh) by Dafydd Harries. (mh) Closes: #306349 + - New: vi (Vietnamese) by Clytie Siddall. (mh) Closes: #306613 + - Fix typos in pt.po (Thanks, Miguel Figueire) (am) Closes: #310057 + * Configuration Clarification + - move the regexps in the local part checks to macros, adapt docs. + Thanks to Adam M. Costello. (mh) Closes: #306094 + * Bug Fixes + - preserve escape sequences like '\\N' in + /etc/exim4/update-exim4.conf.conf: + - use awk instead of sed in exim4-config.postinst (Thanks, Barry Kitson). + - use printf '%s\n' "$foo" instead of echo "$foo". (echo in dash would + swallow the second backslash) + - actually making this work requires changes in debconf, too, + see #306134. + - (Closes: #305957) (am) + - apply upstream patch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050425/msg00035.html + in some circumstances, exim writes parts of /etc/passwd and/or + /etc/group to the reject log. This scares people. (mh) + - apply upstream patch from + http://www.exim.org/mail-archives/exim-dev/2005-April/msg00012.html to + only try SASL mechanisms that are actually specified in the + configurations. Thanks to Juergen Kreileder. (mh) Closes: #299743 + - Build against libmysqlclient12-dev instead of libmysqlclient10-dev. + (am) Closes: #306970 + - As "mail sent by smarthost; no local mail" aka satellite requires setting + dc_readhost always ask this question. (am) Closes: #304838 + - Make nonsplit-config read /etc/exim4/exim4.conf.localmacros before + /etc/exim4/exim4.conf.template to allow macros here as well. (mh) + - Make it clear that "broken debconf" warning is issued by + exim4-config.postinst + - Make sure that "generated, do not touch" disclaimer in + /var/lib/exim4/config.autogenerated always appears + - [exim4-config] As the.config script stores answers in debconf's db and the + postinst actually generates configurations files from these values + restarting the daemon on dpkg-reconfigure has to be done in postinst. (am) + Closes: #310703 + + -- Marc Haber Thu, 26 May 2005 17:47:24 +0000 + +exim4 (4.50-6) unstable; urgency=low + + * fix some errors in update-exim4.conf(8) manpage. (am) + * more macros in config. (mh) + * Apply upstream fix: $primary_hostname is now expanded in + cyrus_sasl authenticator. Thanks to Juergen Kreileder, and of + course Philip Hazel. (mh) Closes: 299733 + * fix conftype none missing "| \" bug, again. Thanks to Andrew Nimmo + and Gabriel L. Briones III. (mh) Closes: 303351. + * The upstream fix for #296492 sometimes causes an endless loop. Update + patch with correction from Philip's commit, revision 1.10. (mh) + * Document real_local router. (mh) + * Add instructions about how to use inetd. Thanks to Ryan Underwood. + (mh) Closes: #304436 + * Fix wrong file header in 100_exim4-config_domain_literal. (mh) + * Fix bad english in 01_exim4-config_listmacrosdefs. (mh) + * conf.d/main/02_exim4-config_options: Remove macro effort for options + that we leave at their default by default anyway, re-commenting them + for reference. (am) + * Allow cleartext client AUTH PLAIN and AUTH LOGIN by setting a + macro. (mh) + * Update information in README.SMTP-AUTH. (mh) + + -- Marc Haber Sun, 17 Apr 2005 19:10:26 +0000 + +exim4 (4.50-5) unstable; urgency=low + + * move exim4-config-simple and exim4-config-medium from the main + source package to keep them from being released. + * document the fact that the check done by update-exim4.conf does + not detect all possible errors and fails with errors that are inside + expanded items in the config file. Thanks to Marc Sherman. + (mh) Closes: 286721 + * Add examples for cyrus_sasl to conf.d/auth/30_exim4-config_examples. + Thanks to Juergen Kreileder. (mh) Closes: #299732 + * remove --dry-run from 10_daemon_close_fds.dpatch so that failures + to patch cause failure. Thanks to Gergely Nagy, and apologies for + blaming it on dpatch (see #297670). (mh) + * remove ACL example file, incorporate DNSBL examples (without + actual DNSBL domains) into main config. The example file hasn't been + updated in ages, and the main config file has become quite + sophisticated by itself. (mh) + * add example authenticators for courier authdaemon. (mh) + * have exim4-base recommend psmisc. Thanks to Thiemo Seufer. + (mh) Closes: #299858 + * apply upstream patch fixing fallback handling. Thanks to Laurent Fousse. + (mh) Closes: #296492 + * add patch to allow building on kfreebsd-gnu. Thanks to Robert + Millan. (mh) Closes: #300967 + * remove 10_daemon_close_fds since this might close FDs which might + be used by other libraries such as libnss-ldap. Thanks to Antonio + Kanouras for reporting and testing, and to Florian Weimer for + debugging. To avoid #297607 from happening again, use db_stop in + exim4-config.config and coordinate with the d-i team. Thanks to + Frans Pop for testing. (mh) Closes: #299051 + * make pidfile paths in init script variables. (mh) + * Update bs (Bosnian) debconf templates. Thanks to Safir Secerovic. + (mh) Closes: #301940 + * Fix update-exim4.conf to actually remove the DEBCONF stuff from + configuration. Thanks to Jason Spiro. (mh) + * correctly translate an empty debconf option visiblename to an + _unset_ qualify_domain, not a qualify_domain set to the empty string. + Thanks to Miquel van Smoorenburg. (mh) Closes: #302060 + * update-exim4.conf ignored the setting of dc_use_split_config and + always used the data from split config for conftype none. (am) + * Document #301988 (base-config) in README.Debian to offer an + explanation for a long delay restarting exim right after Debian + installation. (mh) + * Fix exim4-config.NEWS and exim4-config.postinst, documenting the + mailname change there. This should act as a heads-up to people who + do funky things with their ue4.conf.conf which might overwrite the + fixup intrduced by the maintainer script. Thanks to Vincent + Lefevre. (mh) Closes: #301906 + * Make Maildir location configurable via exim macro. Thanks to + Frederic Lehobey. (mh) Closes: #302215 + * pull update-exim4.conf.conf file name in shell variables + * liberally use .ifdef in conf.d files which changed in this release + anyway. This is part of the process to fix #297603. (mh) + * Adapt formatting policy to conf.d files which were changed. (mh) + * Improve on Debconf documentation in update-exim4.conf.conf and + the configuration templates. This partly addresses #289959. (mh) + * re-work ue4.conf man page, also addressing #289959. (mh) + * add a comment about caseless postmaster to + conf.d/router/400_exim4-config_system_aliases. (mh) + * print script name and parameters when debugging. (mh) + * update-exim4.conf now gives a better error message if + ue4.conf.conf does not exist. (mh) + * ue4.conf.template: If a relative output path is given, actually + put the file there and not in a path relative to + /etc/exim4/conf.d. (mh) + + -- Marc Haber Sun, 3 Apr 2005 07:20:17 +0000 + +exim4 (4.50-4) unstable; urgency=low + + * fix 10_daemon_close_fds.dpatch to actually apply again. Sheesh. + Thanks to Joey Hess. (mh) Closes: #297607 + + -- Marc Haber Wed, 2 Mar 2005 07:38:52 +0000 + +exim4 (4.50-3) unstable; urgency=low + + * actually enable dlopen patch, show this in package descriptions. + Thanks to Andrej KOLESNIKOV. (mh) Closes: #297282 + * Have exim4-config conflict with -daemon (<<4.50), as we use + submission/sender_retain which is not supported by earlier daemons. + Thanks to Echo Nolan. (mh) Closes: #297501 + + -- Marc Haber Tue, 1 Mar 2005 06:45:26 +0000 + +exim4 (4.50-2) unstable; urgency=low + + * now use WITH_OLD_DEMIME as discussed on pkg-exim4-devel. (mh) + * postinst: add "This is a Debian specific file" to ue4.c.c. (mh) + * fix exim.8 manpage to point to exim4 instead of exim. + (mh) Closes: #296864 + * fix update-exim4.conf.8 man page to correctly document that + multiple smarthosts are supported and non-SMTP ports are not. Thanks + to Dan Jacobson. (mh) Closes: #283560 + * Add --output option to update-exim4.conf.template. Thanks to Marc + Sherman. (mh/am) Closes: #296597 + * Compile with cyrus_sasl authentication mechanism, add libsasl2-dev to + Build-Depends. Thanks to Sean Middleditch and Gergely Risko. (mh) + Closes: #296203, #292906. + * document that dc_localdelivery does not have a corresponding + Debconf option. + * Introduce ue4c_comments for /etc/exim4/update-exim4.conf.conf to + set default for keepcomments/removecomments from the config file. + Thanks to Greg Folkert. (mh) Closes: #295735 + * Use "control = submission/sender_retain" to fixup relayed messags instead + of only adding a Message-ID with a warn-statement. (am) Closes: #285235 + * Add force-stop to the init script. Thanks to Jari Aalto. (mh) + Closes: 271686 + * tighten local parts checks. Thanks to Jari Aalto. (mh) Closes: #273302 + + -- Marc Haber Sun, 27 Feb 2005 16:33:05 +0000 + +exim4 (4.50-1) experimental; urgency=low + + * new upstream version + * kill exiscan patch as it is now included upstream + * deliver configuration which will compile daemon-heavy with the + built-in exiscan + * convert package to svn on svn.debian.org with a debian/-only + layout. (mh) + * remove 37_kbsd-gnu patch on bug submitter's request (doesn't apply + cleanly). (mh) + * fix bad German translation of a debconf template. Thanks to Hanno + Wagner. (mh) Closes: #291671 + * allow option passing to updatex-exim4.conf from init script. + Thanks to Stephen Gran. (mh) Closes: #285973 + * change commented out example for reverse DNS RCPT check to catch + deferrals as well. Thanks to Marc Sherman. (mh) Closes: #291832 + * Update ko (Korean) debconf templates. Thanks to Seo Sanghyeon. + (mh) Closes: #292607 + * Update sq (Albanian) debconf templates. Thanks to Elian Myftiu. + (am) Closes: #284529 + * New gl (Galician) debconf templates. Thanks to Jacobo Tarrío. + (mh) Closes: #295562 + * use #!/bin/bash in reportbug script as a quick fix until #294954 + is fixed one way or the other in reportbug. + * Minor fix to de (German) debconf templates. Thanks to Dennis + Stampfer. (mh) Closes: #294815 + * add bad hack authenticator to support outlook express 4.xx. (mh) + * streamline server authenticator names. (mh) + * 60_convert4r4.dpatch: patch convert4r4 to prevent execution of the + script without people reading a prominent warning. (mh) + * re-work debian/control again, pointing people towards + pkg-exim4-users to make upstream a little bit less unhappy. + + -- Marc Haber Fri, 18 Feb 2005 15:31:12 +0000 + +exim4 (4.44-2) unstable; urgency=low + + * re-work debian/control to make lintian happy, make descriptions + more orthogonal. (mh) + * kill build-conflicts on libperl-dev (=5.8.4-1). (mh) + + -- Andreas Metzler Thu, 27 Jan 2005 13:45:45 +0100 + +exim4 (4.44-1) experimental; urgency=low + + * New upstream bugfix-only release (exiscan-acl 4.44-28). + - Fixes eximstats' generation of pie charts by volume. (Closes: #286074) + - Reset the locale to "C" after calling embedded Perl. (Closes: #283538) + - includes 66_cipherpreferences.dpatch, + 66_can2005-0021_can2005-0022.dpatch, 65_tidydb-spool.dpatch, + 62_statvfs.dpatch. + * Fix (commented) example for AUTH LOGIN with saslauthd (Thanks, Maik + Broemme). (Closes: #291205) + * tl (Tagalog) translation of debconf templates by eric pareja. + (Closes: #291184) + * Use db4.2. (Closes: #258311) + + -- Marc Haber Sun, 23 Jan 2005 15:42:20 +0000 + +exim4 (4.43-4) unstable; urgency=low + + * Change update-exim4.conf to again generate a valid return_path (instead + of defering any mail to remote systems) if dc_hide_mailname='true'. + (Closes: #290954) + * Fix typo in changelog and exim4-config's NEWS. + * Some changes (most notably changing the interfaces exim listens on) + require restarting exim instead of just sending HUP. Change documentation + and exim4-config.config accordingly. (Closes: #290945) + + -- Andreas Metzler Tue, 18 Jan 2005 12:57:58 +0100 + +exim4 (4.43-3) unstable; urgency=low + + * Now that 4.44 is released upload 4.43 to unstable. ;-) Merge experimental + and unstable changelog. + * More lintian overrides. ("X" in eximon4's description has to be capital, + and we take care to only use settitle if it is available. + * make nullmailer setup and the way we use mailname a lot more sensible, + attacking #244095 and #280207: + - mailname is not implicitely made a local domain, instead it is listed + explicitly in dc_other_hostnames, where users can easily remove it + from. (This is basically what postfix does, too.) When upgrading + existing installations mailname is automatically added _once_ to + dc_other_hostnames, on fresh installations mailname is the default + value of dc_other_hostnames. We store the fact that we have added + mailname to dc_other_hostnames in $dc_mailname_in_oh in + update-exim4.conf.conf. + - Make exim work correctly if dc_readhost ("visible, rewritten domain name + for local users") ends up as part of local_domain, which happens if + the same value is chosen for mailname and dc_readhost. This + implemented by new router, hub_user_smarthost. Previously users were + required to use something different (my.invalid.domain) for mailname. + - Special thanks to Christian Perrier for taking care of the + template translation updates. + * We did not substitute the current value into the debconf templates with + db_subst but showed the old ones from the previous debconf run. + * /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses! + * Bosnian (bs.po) translation is complete (Thanks Adis Nezirovic). + * Includes de.po change suggested in #286525. + * One-line fix for incorrect fi.po translation by Kalle Olavi Niemitalo. + (Closes: #288930) + + -- Andreas Metzler Sat, 15 Jan 2005 19:38:16 +0100 + +exim4 (4.43-2) experimental; urgency=low + + * Resync against sarge/sid (4.34-10). + * Translation updates: + - he (Hebrew) by Lior Kaplan (am) (Closes: #281249) + * cy (Welsh) translation of debconf templates by Dafydd Harries. + (am) (Closes: #282731) + * sq (Albanian) translation of debconf templates by Elian Myftiu. (am) + (Closes: #284529) + * allow arbitrary Sender: and envelope headers in locally submitted + messages, no longer force them to be the local account name at the + local host name. (mh) + * delete /var/spool/exim4/gnutls-params in cron.daily. (mh) + (Closes: #224269) + * run debian/rules update-mtaconflicts. (mh) + * remove outdated info from README.SMTP-AUTH and clarify corresponding + comments in configuration file (Closes: #281249). (am) + * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450). (am) + * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205). (am) + * Document /etc/email-addresses in README.Debian (Closes: #276958) (am). + * exim_tidydb did not work properly with split spool directory. (am) + * Make exim prefer stronger ciphers. (AES_256 AES_128 3DES ARCFOUR). + * Make the prefered local transport (maildir/mailspool) configurable in + update-exim4.conf.conf, attacking #250980. Document this, therefore + (Closes: #274597) (am) + * Move slightly more expensive tests in rcpt ACL further down. (This only + changes commented out example code.) (Closes: #267708) + * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302) + * Version dpatch build-dependency to safeguard against reintroducing this + bug. + * In comment point out that using saslauthd for SMTP AUTH requires giving + exim privileges to use it. + * New patch 66_can2005-0021_can2005-0022.dpatch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html + fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022 + (mh/am). + + -- Andreas Metzler Thu, 6 Jan 2005 12:33:27 +0100 + +exim4 (4.43-1) experimental; urgency=low + + * targeted for experimental since we need unstable to get new 4.34 + versions in sarge. unstable upload will happen as soon as t-p-u is in + working condition. + * New upstream version. (am) (Closes: #274246, #267994) + - no more unescaped hyphens in exim.8. (Closes: #262592) + - no more warnings in exipick.8 (Closes: #277817) + - New option tls_on_connect_ports. (Closes: #265818) + - better documentation about differences in configuring for GnuTLS or + OpenSSL. (Closes: #241725) + - verify = header_sender now respects callout options. (Closes: #260114) + - There is now an overall timeout for performing a callout verification. + (Closes: #261511) + - Less typos in filter.txt. (Closes: #230545) + - New ACL: acl_smtp_predata, useful for greylisting. (Closes: #237947) + * exiscan patch 4.43-28 (mh) + * Use statvsf() instead of statfs(), fixing complete breakage on + alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and + debugging this. (am) + * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to + prevent similar bugs. (am) + * Translation updates: + - tr (Turkish) by Recai Oktas (#281840) (am) + * add lintian and linda overrides to get rid of warnings and errors. (mh) + * delete debian/files from config-custom, make config-custom's + debian/rules delete debian/files on clean. (mh) + + -- Marc Haber Sun, 21 Nov 2004 19:26:11 +0000 + +exim4 (4.34-10) unstable; urgency=high + + * urgency high because this upload fixes two minor security issues. + * more documentation for dc_localdelivery in update-exim4.conf.8. + * Move slightly more expensive tests in rcpt ACL further down. (This only + changes commented out example code.) (Closes: #267708) + * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302) + * Version dpatch build-dependency to safeguard against reintroducing this + bug. + * In comment point out that using saslauthd for SMTP AUTH requires giving + exim privileges to use it. + * New patch 66_can2005-0021_can2005-0022.dpatch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html + fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022 + (mh/am). + + -- Andreas Metzler Wed, 5 Jan 2005 10:39:03 +0100 + +exim4 (4.34-9) unstable; urgency=low + + * Translation updates: + - he (Hebrew) by Lior Kaplan (am) (Closes: #281249) + * cy (Welsh) translation of debconf templates by Dafydd Harries. + (am) (Closes: #282731) + * sq (Albanian) translation of debconf templates by Elian Myftiu. (am) + (Closes: #284529) + * new patch 64_pipeliningfixup pulled from 4.42. Exim was forgetting that it + had advertised PIPELINING for the second and subsequent messages on an + SMTP connection. Thanks to Christoph Barbian. (am) (Closes: #283230) + * allow arbitrary Sender: and envelope headers in locally submitted + messages, no longer force them to be the local account name at the + local host name. (mh) + * delete /var/spool/exim4/gnutls-params in cron.daily. (mh). + * remove outdated info from README.SMTP-AUTH and clarify corresponding + comments in configuration file (Closes: #283568) (am). + * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450) (am). + * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205) (am). + * run debian/rules update-mtaconflicts + * Document /etc/email-addresses in README.Debian (Closes: #276958) (am). + * exim_tidydb did not work properly with split spool directory. (am) + * Make the prefered local transport (maildir/mailspool) configurable in + update-exim4.conf.conf, attacking #250980. Document this, therefore + (Closes: #274597) (am) + + -- Andreas Metzler Tue, 7 Dec 2004 12:40:49 +0100 + +exim4 (4.34-8) unstable; urgency=medium + + * The real-life-takes-its-toll-release. + * Use statvsf() instead of statfs(), fixing complete breakage on + alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and + debugging this. + * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to + prevent similar bugs. + * Translation updates: + - tr (Turkish) by Recai Oktas (Closes: #281840) + * new patch 63_nomorecrashongnutlserror pulled from 4.40: "If a server + dropped the connection unexpectedly when an Exim client was using GnuTLS + and trying to read a response, the client delivery process crashed while + trying to generate an error log message." (Closes: #280647) + + -- Andreas Metzler Sat, 20 Nov 2004 10:52:18 +0100 + +exim4 (4.34-7) unstable; urgency=low + + * Update README.Debian.UUCP (thanks, Andreas Barth) (Closes: #271179) + * The hack to fix the infinite debconf loop on woody (#246742) broke + dpkg-reconfigure. Add an additional [ "reconfigure" != "$1" ] condition to + the abort clause. (Closes: #271864) (am) + * apply patch fixing Italian debconf translation by Danilo + Piazzalunga. (mh) (Closes: #274398) + * ro (Romanian) translation of debconf templates by Eddy Petrisor. + (mh) (Closes: #275414) + * sl (Slovenian) translation of debconf templates by Jure Cuhalev. + (mh) (Closes: #275090) + * uk (Ukrainian) translation of debconf templates by Eugeniy + Meshcheryakov. (mh) (Closes: #273505) + * mk (Macedonian) translation of debconf templates by Georgi + Stanojevski. (mh) (Closes: #275772) + * fix encoding problem in hu.po. Thanks to Christian Perrier. (mh) + * Hebrew translation updated. Closes: #277682 (Lior Kaplan) + * Norwegian Nynorsk translation fixed (commas removed and replaced by + dashes). Closes: #278011 (Christian Perrier) + * Fix commas in Macedonian, Polish, Russian translations which broke the + Choices list the same way they were in Norwegian Nynorsk (Christian + Perrier) + * Fix error in README.SMTP-AUTH, thanks Jari Aalto. (Closes: #276448) (am) + * Make update-exim4.conf more forgiving, working with files that are missing + the final newline. (Closes: #273279) (am) + * Use procmail for delivery if /either/ etc/procmailrc or ~/.procmailrc + exist. (Closes: #267706) (am) + * Shorten overlong template in Catalan (Closes: #277686) (Jordi Mallach) and + Brazilian translation (Closes: #278016) (Andre Luis Lopes) + + -- Andreas Metzler Sun, 7 Nov 2004 19:56:01 +0100 + +exim4 (4.34-6) unstable; urgency=low + + * Uploaded to test changes before we break tpu. + * zh_TW translation of debconf templates by Tetralet. (Closes: #267524) + * bg (Bulgarian) translation of debconf templates by Ognyan Kulev + (Closes: #267603) + * updated translations: + - nl (Dutch) by Bart Cornelis. (Closes: #268168) + * remove osirusoft from dnsbl examples. Thanks to Greg Kochanski for + noticing. Add dnsbl disclaimer. (mh) (Closes: #269501) + * add an example for exim-adduser. (Thanks to Jonas Meurer for the initial + idea, the commited version is different, though.) (mh/am) (Closes: #267792) + * hr (Croatian) translation of debconf templates by Krunoslav Gernhard + (Closes: #270578) + * Do not remove the Debian-exim user in "exim4-config.postrm purge". + Package dependencies are only effective for packages in status installed, + but it is clearly not sane to remove the user until all exim4-packages + are purged. e.g. this can completely break logrotate (Closes: #270681). + + -- Andreas Metzler Sat, 11 Sep 2004 10:29:26 +0200 + +exim4 (4.34-5) unstable; urgency=low + + * The let's test the changes before we upload to tpu release. + * updated translations: + - eu (Basque) by Piarres Beobide Egaña. (Closes: #261912) + - ca (Catalan) by Jordi Mallach. (Closes: #264842) + * Fix broken permissions (not readable for group/other) in upstream tarball + in clean target (thanks to Steve Langasek for help with find). This fixes + "dpkg-buildpackage -rsudo && dpkg-buildpackage -rsudo". (Closes: #262607) + * Stop daemon in "exim4-base.postrm remove". - Under specific circumstances + apt seems to purge -base before removing the depending package (-daemon), + therefore the daemon would not be stopped. (Closes: #261994) + * Build against libgnutls11-dev. (Closes: #263665) + + -- Andreas Metzler Wed, 11 Aug 2004 09:17:35 +0200 + +exim4 (4.34-4) unstable; urgency=high + + * Urgency high because upgrades from woody were broken. + * Exim4 triggers a bug in woody's debconf. - With dialog frontend, invoked + by dpkg-preconfigure you are stuck in a loop, always being asked the same + two questions (split config, and basic configtype) again and again until + you give up and choose split_config=yes although being discouraged from + doing so. I am working around this by making the config-script abort if + debconf is old and we are running in preconfigure mode. (Thanks to Dan + Weber, Adrian Bunk and whoever else wasted brainpower on this.) + (Closes: #246742) (am). + * Arabic (ar.po) translation of debconf templates by the translation team + of Arabeyes.org (Abdulaziz Al-Arfaj). (Closes: #261014) + * Change maintainer address to a mailinglist, add myself to uploaders (am) + * Quote ${dc_mailname} in exim4-config.config. (am) + * Fix grammar error in the original English templates (found by Adam D. + Barratt ages ago). Duplicate fix in .po files.(am) + * Typo/thinko in exim4-config (two 35-clauses) prevented showing a + (unimportant) question for satellite config. Thanks to Fabio Massimo Di + Nitto for finding this. + + -- Andreas Metzler Tue, 27 Jul 2004 16:38:54 +0200 + +exim4 (4.34-3) unstable; urgency=low + + * updated translations: + - es (Spanish) by Javier Fernández-Sanguino Peña (Closes: #251987). Also + shorten overlong string. (Closes: #251316) + - tr (Turkish) by Recai Oktas, fixing overlong translations. + (Closes: #251932) + - de (German) corrected and scrutinized by Helge Kreutzmann. + (Closes: #254038) + - ru (Russian), too long templates shortened by Dmitry Beloglazov. + (Assuming I read Last-Translator correctly) (Closes: #259148) + * Hebrew (he.po) translation of debconf templates by Lior Kaplan. + (Closes: #254026, #257508) + * introduce .ifndef hacks to allow MESSAGE_SIZE_LIMIT, DCreadhost + and DCsmarthost to be changed by the local admin without having to + change dpkg-conffiles (mh). + * Use byname on the smarthost route list (mh). (Closes: #250367) + * Make build-dependency on libldap2-dev unversioned. This was just a paranoia + measure and the buildds are using this version anyway (am). + * escape some dashes in manpages (am). + * Replace the three test -a/-o with &&/|| constructs, and egrep with grep + -E (am). + * Use symbolic name instead of signal numbers for trap (am). + * Add explanation on missing SPF-support to README.Debian (am). + * remove MESSAGE_SIZE_LIMIT rule from DATA acl, use global + message_size_limit instead. Thanks to Matthias Gärtner for pointing + this out to me (mh). + * Increase MAX_NAMED_LIST to 32 for daemon-heavy (am). (Closes: #253959) + * add a reportbug-script to gather additional information. This way we do + not rely on possibly out of date information in debconf (am). + (Closes: #255645) + * Fix off-by-one error in queryprogram router (am). + * set "tls_tempfail_tryclear = false" on remote_smtp_smarthost transport + (am, Thanks to Dan Jacobson for the suggestion). (Closes: #253931) + + -- Andreas Metzler Mon, 19 Jul 2004 15:16:28 +0200 + +exim4 (4.34-2) unstable; urgency=medium + + * Urgency medium because CAN-2004-0400 isstill not fixed in testing and + because this version gets almost every single translation up to date. + * Norwegian nynorsk translation of debconf templates by Håvard Korsvoll. + (Closes: #248810) + * fix debug_print in remote_smtp_smarthost transport. (Closes: #248922) + * For minimal_dns update-exim4.conf(8) now tries to find out the primary + hostname itself and hardcodes this value in the generated configuration + file. (Closes: #241475,#248854) + * updated translations: + - ko (Korean) by Changwoo Ryu (Closes: #249026) + - it (Italian) by Danilo Piazzalunga + - lt (Lithuanian) by Gintautas Miliauskas (Closes: #249269) + - ru (Russian) by Nikolai Prokoschenko (Closes: #249298) + - es (Spanish) by Javier Fernández-Sanguino Peña + - nl (Dutch) by Bart Cornelis + - de (German) doublechecked and corrected by Dennis Stampfer + (Closes: #249925) + - fi (Finnish) by Tapio Lehtonen + - nb (Norwegian bokmål) by Klaus Ade Johnstad (Closes: #250344) + * New bugfix by upstream: "drop" in the DATA acl did not send 550 but dropped + the connection immediately. + * add a debian/watch file. + * Catalan (ca.po) translation of debconf templates by Aleix Badia i Bosch. + (Closes: #250113) + * Polish (pl.po) translation of debconf templates by Tomasz Z. Napierala. + (Closes: #250908) + * Rudimentary (5/58) Bosnian debconf templates translation by Safir + Šećerović (Closes: #251137) + * Document why exim tries to make an AAAA lookup at startup and how to stop + this in README.Debian. (Closes: #243822) + * Compile with -fno-strict-aliasing. Exim uses lots of casts that are not + allowed: "(char **)(&foo)" where foo is a pointer to unsigned char + (sourcecode: CSS(foo) with foo being a uchar), which results in lots of + "dereferencing type-punned pointer will break strict-aliasing rules". + Thanks to Andrew Suffield for the explanation. + * exim4-config uses features introduced in 4.33 - conflict with earlier + versions. (Closes: #249550) + + -- Andreas Metzler Mon, 31 May 2004 10:31:51 +0200 + +exim4 (4.34-1) unstable; urgency=low + + * remove cruft from source + * New upstream version 4.34, exiscan -21 + * includes fix for buffer overflow (CAN-2004-0400) fixed in previous + upload + * Again adds a received header before local_scan() is invoked. + * Adds a missing fclose() that was causing scan directories not + to be deleted on NFS spools. + * add debug_print statements on various routers (mh) + * add docs to smarthost router regarding secondary MX setup (see + #248370) (mh) + * don't ask any more for relay_to_domains if configuring for + smarthost and satellite setup. (Closes: #248370) (am) + * straighten out remote_smtp transport by adding remote_smtp_smarthost + and using that in the smarthost router. (mh) + * add hubbed_hosts router for more flexible routing. (mh) + * add update-exim4.conf.template and use it in debian/rules (Closes: + #248338). (mh) + * remove debian/patches/60_upstream_fixes as the fix is already + included upstream now. (mh) + * add README.Debian-accountname (mh) + * updated translations: + - zh_CN (Simplified Chinese) by Carlos Z.F. Liu (Closes: #248464). (mh) + * Temporarily add a Build-Conflicts with libperl-dev 5.8.4-1. - This version + included a dyna-loader incompatible with programs linked against 5.8.3.(am) + + -- Andreas Metzler Wed, 12 May 2004 22:30:19 +0200 + +exim4 (4.33-1) unstable; urgency=low + + * new upstream version 4.33, exiscan -20: + - includes the patches for rewriting and sighandler. + - new expansion conditions to e.g. match a domain in named domainlist. + * updated translations: + - fr (French) by Christian Perrier (Closes: #245342) + - el (Greek) by Konstantinos Margaritis. + * Document known configuration variables in update-exim4.conf(8). + * Make use of ${if match_domain to get rid of the ugly hack (two transports + and two routers) to rewrite the envelope from. + * Apply fix for verify=header_syntax buffer overflow (CAN-2004-0400). + + -- Andreas Metzler Thu, 6 May 2004 18:17:05 +0200 + +exim4 (4.32-2) unstable; urgency=low + + * updated translations: + - pt (Portuguese) by Nuno Sénica. (Closes: #244296,#245694) + - el (Greek) by Konstantinos Margaritis (Closes: #244354) + - cs (Czech) by Miroslav Kure (Closes: #244368) + - da (Danish) by Claus Hindsgaul (Closes: #244508) + - it (Italian) by Danilo Piazzalunga (Closes: #245174) + - fr (French) by eric-m(at)wanadoo.fr (Closes: #245342) and Christian + Perrier + - ja (Japanese) by Kenshi Muto (Closes: #245430) + - hu (Hungarian) by VEROK Istvan + - nb (Norwegian Bokmål) by Steinar H. Gunderson + - pt_BR (Brazilian Portuguese) by André Luís Lopes + - ja (Japanese) by Kenshi Muto + - cs (Czech) by Miroslav Kure + - sv (Swedish) by André Dahlqvist (Closes: #245716) + * Basque (eu.po) translation of debconf templates by Piarres Beobide Egaña. + (Closes: #244401) + * Indonesian (id.po) translation of debconf templates by I Gede Wijaya S. + (Closes: #245120), updated (Closes: #245491) + * Turkish (tr.po) translation of debconf templates by Recai Oktas. + (Closes: #245751) + * Slovak translation of debconf templates by Peter Mann (Closes: #245809) + * Add comment in configuration file documenting that effective retry times + depend on _both_ retry-rules and frequency of queue running. Keep + default QUEUEINTERVAL at 30m because running the queue can be quite + expensive and because therespective RFCs suggest 30m as minimal waiting + time. (Closes: #242426) + * Installation over serial console/minicom only has a screen size of 80 + characters x 24 lines available. Sigh. Shorten config-type question by + cutting down the introduction. (Closes: #244464). Shorten relay-net + question by replacing a unnecessarily complicated formulation with a + clearer one which closes: #226809. + * Debconf supports masquerading as a different host with rewriting not only + for "satellite" but also for "smarthost" system. (Closes: #229911). + - Introduces another but hopefully last pre-sarge template change. + (This includes final versions of the templates without the dead + references to "satellite" which closes: #229902.) + - Rewrite /this/ stuff at smtp transport time. /etc/email-addresses + rewriting still uses normal rewriting because it always has and because + it is easier to setup. + - This still does not address one basic issue, the misuse of /etc/mailname + for qualifying recipeints because this needs clarification in policy + _and_ changing MUAs to not do this. Therefore I declare this post-sarge. + - Thanks to Chris Cheney for the kick, and to Adam Conrad and Wouter + Verhelst for their help. + * Add two fixes from upstream: + - Change 4.31/55 was buggy and broke sender address rewriting and caching. + - Change 4.24/6 broke the SIGALRM handler with deliver_drop_privilege. + * README.TLS.gz and the actual configuration disagreed (Thanks, Richard + Lamont). + * Fix thinko in update-exim4defaults that made --queuetime a no-op. + + -- Andreas Metzler Mon, 26 Apr 2004 09:12:23 +0200 + +exim4 (4.32-1) unstable; urgency=low + + * New upstream version 4.32 (exiscan 4.32-17) + - includes the fix for the caching bug and uses MAIL FROM <> as default + value for recipient callouts again. + - new exiscan adds a local "Received:" header to the copy passed to + spamassassin tofix evaluation of DNS lists, compensating for + ChangeLog 4.31/66. (Closes: #242730) + * Remove obsolete reference to auth_over_tls_hosts from documentation. + (Thanks Jonas Meurer) + * Enable SMTP authentication (hosts_try_auth) per default when sending + mail to smarthost. No need to edit the configuration-file anymore if you + just need to forward all mail to a smarthost with AUTH. (Closes: #203307) + * Hungarian translation of debconf templates by VEROK Istvan. + (Closes: #242931) + * remove "exim 3 will stay default MTA for Debian sarge" from + README.Debian as TPTB have decided otherwise. (Closes: #243687). + * Rewrite "Sender:"-header for "satellite" configuration profile, too. + (Closes: #228978) + * Use the normal user account set-up during installation as default + destination for delivery of mail for root. (Joey Hess) + * Shorten exim4/dc_postmaster template to fit on console. (Joey Hess) + (Closes: #242303) + * In template suggest using real-foo to force local delivery. + (Closes: #229909) + * Template changes reviewed by debian-l10n-english. There might still be + more changes, translators should probably wait a little bit longer before + updating the translation. + * On fresh installations smarthost profile only listens on loopback per + default. - There are valid uses of "smarthost" that require listening on + public interfaces but the most common one (dialup) does not. + * Ship README.Debian.UUCP by Andreas Barth in /usr/share/doc/exim4-base. - + This resolves our part of #201153. + + -- Andreas Metzler Sat, 17 Apr 2004 18:02:42 +0200 + +exim4 (4.31-2) unstable; urgency=low + + * Fix caching bug in recipient callouts. (Nico Erfurth). + * Document removal of local_scan perl-plugin in NEWS.Debian file. + (Closes: #242227) + + -- Andreas Metzler Mon, 5 Apr 2004 15:55:12 +0200 + +exim4 (4.31-1) unstable; urgency=low + + * New upstream version 4.31 (exiscan 4.31-16) + - Supports CRL (Certificate Revocation List) (Closes: #229063) + - exim_dbmbuild does not crash on _very_ long RHS values. + (Closes: #231597) + - route_list does not use a fixed lenght buffer anymore. (Closes: #231979) + - An empty tls_verify_certificates file is correctly interpreted as empty + list instead of breaking TLS. (Closes: #236478) + * Korean translation of debconf templates by Changwoo Ryu (Closes: #241499) + * Minor changes to rcpt_acl: + * add missing message = qualifiers. (Closes: #240862) + * resync against upstream default, incorporating change 4.23/30, allowing + "/" and "|" in nonlocal addresses. + + -- Andreas Metzler Mon, 5 Apr 2004 12:00:54 +0200 + +exim4 (4.30-8) unstable; urgency=low + + * remove dc_never_users from /etc/exim4/u-ex.conf.conf and the corresponding + pattern DEBCONFnever_usersDEBCONF from the template. The code is + superfluous since 4.24 introduced FIXED_NEVER_USERS and was broken, user + changes were not preserved. (am) + * Link against libmysqlclient10 instead of libmysqlclient12 to circumvent + symbol-clashes when using PAM with libpam-mysql. (Closes: #235938) (am) + * Dump temporary build-conflict with broken po-debconf. (am) + * Copy ugly passwd-dependency from -base to -config. (am) + * Do not throw away adduser's errormessages. Together with the added + dependency noted above this (Closes: #237657). (am) + * Installed copy of default configuration-file (example.conf) refered to the + temporary install-directory. Ugly hotfix. (Closes: #236483) + * Italian translation of debconf templates by Danilo Piazzalunga. + (Closes: #237500) + * Rewrite generation of /etc/aliases because it was broken when running + under debbian-installer/debootstrap, which installs the packages with + DEBIAN_FRONTEND=nointeractive and reconfigures them later (report by + Florian Effenberger). (am) + Instead of generating it _once_ and touching it never again ask for and + add alias for root if it is missing. Debconf template + exim4/dc_noalias_regenerate is not used any more. (Closes: #237524) + * Norwegian Bokmål translation of debconf templates by Steinar H. Gunderson. + (Closes: #237680) + * Dump local_scan perl-plugin. Upstream development has stopped. (am) + * Maintainer scripts now run with -x if environment variable EX4DEBUG + is set (mh). + * Minor clarifications of debian/README (mh). + * rm -rf Local on debian/rules clean (mh). + * Swedish translation of debconf templates by André Dahlqvist. + (Closes: #238987) + * Portuguese (pt) translation of debconf templates by Nuno Sénica. + (Closes: #239030) + * Lithuanian translation of debconf templates by Kęstutis Biliūnas. + (Closes: #239118) + * Add examples for client certificate-checking by J.H.M. Dassen (Ray) + (Closes: #236609) + * Adapt README.* to /etc/exim4/exim4.conf.template (am) + * Update to exiscan v16 + + -- Andreas Metzler Wed, 24 Mar 2004 15:39:35 +0100 + +exim4 (4.30-7) unstable; urgency=low + + * 4.30-6 was rejected, we use | and || for OR in dependency fields. + * libldap2 now uses GnuTLS10. Follow suit. (Temporarily bumped libldap2-dev + build-dependencies for paranoia's sake.) + + -- Andreas Metzler Mon, 23 Feb 2004 17:03:58 +0100 + +exim4 (4.30-6) unstable; urgency=low + + * Finnish translation of debconf templates by Tapio Lehtonen. + (Closes: #229792) + * Simplified Chinese translation of debconf templates by Carlos Z.F. Liu. + (Closes: #229910) + * Spanish translation of debconf templates by Javi Castelo. (Closes: #232207) + * To increase robustness set explicit "domains = +local_domains" on all the + routers that are supposed to be handling _only_ local mail (i.e. anything + after dnslookup or smarthost) instead of relying on the no_more. + + If the router handling remote addresses was modified by adding a + precondition the address would have wrongly been handled by the later + routers if the precondition failed, breaking at least "verify = sender". + (Closes: #230403) (am) + * In the data ACL add a Message-ID header to mails injected with SMTP from + +relay_from_hosts. (Exim stopped doing this by default in 4.30.) (mh) + * binary-all metapackage exim4 does not depend anymore on exim4-base with + exactly the same version. There is no necessity for dependencies that + strict and it broke both binary NMUs and installability on lagging + architectures. (Closes: #231678) (am) + * Give way to the "I use sid but keep it outdated by not running apt-get + upgrade ever."-fraction. exim4-base now depends on working versions of + passwd i.e. the version in woody or the one that has been in sid + for more than 6 months. (Closes: #230423,#230836,#231111) (am) + * in source-package symlink identical maintainerscripts. (am/mh) + * Ship README.Debian.xinetd, explaning why we do not use (x)inetd and how to + use xinetd properly if you insist. (Closes: #226627) + * Update Build-Depencies to fit the XFree86 4.3 packages. + * Make new lintian happy by quoting section and needs in eximon's + menu-file. + + -- Andreas Metzler Mon, 23 Feb 2004 15:48:56 +0100 + +exim4 (4.30-5) unstable; urgency=low + + * Only use db_settitle if available (Closes: #226992) (am) + * Up to date debconf translations for all nine supported languages, thanks + to the translators: Miroslav Kure (Czech), Claus Hindsgaul (Danish), + Konstantinos Margaritis (Greek), Christian Perrier (French), + Kenshi Muto (Japanese), Bart Cornelis (Dutch), André Luís Lopes + (Brazilian Portuguese) and Ilgiz Kalmetev (Russian) (am) + * After merging translations split the configtype-template, using the + __Choices trick. I don't think I made any errors because podebconf's + output has not changed. (am) + * Don't use /etc/mailname (DEBCONFvisiblenameDEBCONF) as primary_hostname + for minimaldns option. (Closes: #225477) + * (Re)introduce /etc/exim4/exim4.conf.template as alternative to the + multiple small files in /etc/exim4/conf.d/ and make it the default choice + for fresh installations. This trades in a loss of comfort (you will again + need to merge in each small change manually) for increased stability. + (Closes: #224828) (am) + * Disable piping to programs in /etc/aliases per default, because they would + run as Debian-exim:Debian-exim per default. Add README.system_aliases + suggesting dedicated router/transport pairs (am/mh) (Closes: #228062) + * modify create-custom-package and adapt debian/rules to allow + building multiple named custom packages in a single build. (mh) + * "dpkg-reconfigure exim4-config" actually tells exim4 to read the updated + configuration. (am) + * Use -qqf instead of -qf in the ip-up.d file to force delivery of all + messages over a single SMTP connection. (Closes: #228001) + + -- Andreas Metzler Wed, 21 Jan 2004 15:09:00 +0100 + +exim4 (4.30-4) unstable; urgency=low + + * Updated Japanese debconf template translation by Kenshi Muto + (Closes: #224584) + * Remove bashism from update-exim4.conf (Closes: #224617) (Jochen Voss) + * Czech translation of debconf templates by Miroslav Kure (Closes: #225713) + * Fix typos in README.Debian. (Closes: #225149) (Vincent Lefevre) + * Replace first, too long debconf question with three short ones (Joey + Hess) (Closes: #222720) + * Use a custom debconf title. (Closes: #222715) + * Greek translation of debconf templates by Konstantinos Margaritis + (Closes: #226844) + + -- Andreas Metzler Fri, 9 Jan 2004 09:12:07 +0100 + +exim4 (4.30-3) unstable; urgency=low + + * update debian/copyright from NOTICE. (No substantial changes, credits + for new code) (am) + * missing \| made exim4-base.postinst configure hang. (Closes: #224294) (am) + * update-exim4.conf: Don't try chown if not running as root. (mh) + * Remove useless definition of an auth_over_tls_hosts hostlist in + 03_exim4-config_tlsoptions. - It was probably a leftover from somebody + running convert4r4. (am) + * Make it possible to override spooldir in another config-file snippet, too. + (Closes: #223973) + + -- Andreas Metzler Fri, 19 Dec 2003 15:27:50 +0100 + +exim4 (4.30-2) unstable; urgency=low + + * Fix exim4-base.logrotate to create logfiles accessible for the new + exim-user. (Closes: #223860,#223862) + * comment in 03_exim4-config_tlsoptions refered to the user "mail" too. + + -- Andreas Metzler Sat, 13 Dec 2003 15:01:20 +0100 + +exim4 (4.30-1) unstable; urgency=low + + * Exim now runs under its own uid (Debian-exim) instead of using + mail:mail. (am) + + WARNING: You cannot downgrade this version to an older one without + manual chown|chgrp all files owned by Debian-exim to mail. + + - control: dependency on adduser and virtual package exim4-config-2 to + force review of external -config packages. + - use a statoverride for passwd.client. + - different postinst scripts: + * adduser. + * chown|chgrp files/directories owned by mail (group|user) to + Debian-exim. + * update-exim4.conf does not exit immidiately if /etc/exim4/exim4.conf + exists AND -o is specified. (Bill Moseley) + * Brazilian Portuguese debconf template translation by André Luís Lopes + (Closes: #219781) + * Dutch debconf template translation by Bart Cornelis (cobaco) + (Closes: #220694) + * Pull Dansk debconf template translation from ddtp. + * Use a macro to make it possible to overide the value of spool_directory + with -DSPOOLDIR=. Needed for mailscanner, (Closes: #221468), suggested by + Matthias Klose. + * enable support for Cyrus saslauthd (package sasl2-bin, + /var/run/saslauthd/mux) for SMTP AUTH against /etc/shadow. (am) + * Christian Perrier has reviewed the debconf-templates and changed them to + follow the "Debconf Templates Style Guide". (Closes: #221838) Thanks to + the (ru|nl|fr|pt_BR) translators for updating their translations. + * New upstream version 4.30 with exiscan 4.30-14 (am) + - option table for -d in exim(8) readable (but not perfect). + (Closes: #214853) + - Messages for configuration errors now include the name of the main + configuration files (Closes: #202136) + - does not reject IPv6 address literals in EHLO/HELO anymore + (Closes: #222521) + * exim4-config.config: support going back to previous *package* when invoked + by base-config 2.0. (Closes: #222773). Suggested by Joey Hess. (am) + * exim4-config now conflicts with non-exim4 packages providing MTA, to keep + dselect from automatically installing it (and -base) on dist-upgrades on + systems that use a different MTA. (mh) + * exim4-base depends on netbase again because exim requires + /etc/services.(mh) + * reindent init-script with two spaces instead of tabs to fit it in 80 + chars/line. (Closes: #221458) + + -- Andreas Metzler Mon, 8 Dec 2003 16:52:32 +0100 + +exim4 (4.24-3) unstable; urgency=low + + * rename create-custom-package to create-custom-config-package (mh) + * add create-custom-package to create renamed exim4-daemon-custom (mh) + * README.TLS: Don't suggest to use commands messing up the local terminal + (Sander Smeenk) + * Pull Dansk debconf translation from ddtp (not yet up to date) + * correct last references to uncompressed /u/s/d/e/README.Debian + (Closes: #216639), also kill references to exim-tls. (Closes: #216979) + (Kevin "Starfox" Arima). (am) + * add exim4-config-medium template package to sources, document (mh) + * Update to exiscan 4.24-13 (bugfix-release). + * Ask about mailname after configtype. (Closes: #217931) (am) + * minor thinko in debconf "local mail only"-config. (am) + * update-exim4.conf: now add comment indicating the source file + (Closes: #202040) (mh) + * add --confdir option to update-exim4.conf (mh) + * add "nodaemon" and "queueonly" option to /etc/default/exim4 and + init script (mh). + * Fix po2debconf on woody systems with old debhelper and po2debconf. (am) + * exim4-config does not depend on exim4-base. (am) + * Use "command -v" to check for existence of invoke-rc.d instead of + hardcoding its path. (am) + * Russian debconf translation by Ilgiz Kalmetev (Closes: #219101) + + -- Andreas Metzler Tue, 4 Nov 2003 12:18:38 +0100 + +exim4 (4.24-2) unstable; urgency=low + + * Grammar of debconf-templates rectified by Ben Foley. + * Handholded by Denis Barbier I have imported debconf translations from + postfix: fr.po (Philippe Batailler), ja.po (Kenshi Muto), nl.po (Bart + Cornelis) and pt_BR.po (André Luís Lopes). It is just 5 translated + messages, 4 fuzzy translations, but it's a start. + * No more first person in debconf-templates (Adam D. Barratt) + * README.TLS was updated. + * pseudopackage libxaw-dev is gone in sid (and libxaw7-dev is already + available in woody) - Removed from build-depends. + * French debconf translation by Christian Perrier (Thanks for the other + hints, too.) + * Build-Conflict with broken po-debconf (= 0.8.0). (Closes: #215432) + * Add menu-entry for eximon (Artur R. Czechowski) (Closes: #215579). + * Resolve name-clash between client- and server-side authenticators (Bug + found by Rob Ristroph) + + -- Andreas Metzler Wed, 15 Oct 2003 12:45:49 +0200 + +exim4 (4.24-1) unstable; urgency=low + + * New upstream version + - 55_fixesfrom-4.23.dpatch is not needed anymore. + - most interesting new feature: $acl_xx are now saved with the + message, and can be accessed later in routers, transports, and filters. + - Cannot run deliveries as root anymore. If you don't redirect mail for + root via /etc/aliases or other means to a nonpriviledged account the + mail will be delivered to /var/mail/mail with permissions 0600 and owner + mail:mail. Change to local_user router to keep it from trying to route + mail for root. + * debconf for exim4-config pointed to /u/s/d/e/README.Debian but the + file is available as README.Debian.gz (Closes: #211934) + * exim(8) manpage provides correct NAME section for mailq/runq/... to + generate corresponding whatis/apropos info (Thanks to Dan Jacobson + for mentioning lexgrog(1)) + * polish and crosslink documentation about SMTP AUTH in config-files, + documentation and debconf templates. (Closes: #202920) + * Ship README.SIEVE (Thanks to Ross Boylan) + * Sync some debconf templates against the respective ones in postfix + 2.0.16, to limit the work of translators. + * update-exim4defaults/init-script: Add a new value fuer QUEUERUNNER, + "ppp". - Don't run queue by daemon but still run it from + /etc/ppp/ip-up.d/exim4. (Dan Jacobson pointed out that this was very + akward to accomplish with old setup.) update-exim4defaults now exits with + an error if the argument for --queuerunner is invalid. + * Enable gettext-style localisation of debconf templates with + compatibility code for woody + * Add German debconf-translation. (Some strings were copied from Martin A. + Godischs translation of postfix's templates). + + -- Andreas Metzler Sun, 5 Oct 2003 13:41:30 +0200 + +exim4 (4.22-5) unstable; urgency=low + + * Sorry, this is not 4.23. Tom is on holidays and because 4.23 changes + some ACL code, exiscan needs in depth checking and not just applying the + patch by hand. + * exim4-config conflicts with bash (<< 2.05), because it cannot handle + aliases in functions. This does not necessarily fix dist-upgrades + from potato to sarge because debconf-config might happen before the + new bash is installed but will keep people running potato from + trying to install exim4-config. (Closes: #209720) + * sanitize /usr/sbin/exim4's permissions, building with 007 umask + could have installed it -rws--x--x + * evaluation -oP option for specifying pid-file is broken in 4.22, use fix + from 4.23 (Closes: #210847) + * "warn log_message blah" in DATA acl triggered dumping of full headers + to reject.log, although the message was not rejected by this acl + statement. Take fix from 4.23. (Closes: #208782) + * On cross-upgrades from exim3 unfold lines continued with a backslash + in the old exim3 configuration before trying to parse it to preanswer the + debconf-questions. (Closes: #210404) First instance of using perl in our + maintainer-scripts, but I could not do it with sed. + + -- Andreas Metzler Fri, 19 Sep 2003 13:55:07 +0200 + +exim4 (4.22-4) unstable; urgency=low + + * Update to exiscan-acl revision -12. (Emergency fix: When you were using + 'discard', and it was the last verb affecting a message, the mbox spool + files in the scan directory were not cleaned up.) + * Add syslog2eximlog by Martin Godisch, a script to make logfiles produced + with exim option "log_file_path = syslog" readable for eximstats. + (Closes: #208524) + * Enhance description of -heavy and light a little bit. (Closes: #208404) + * Standards-Version: 3.6.1, no changes required, we already prompt with + debconf. + + -- Andreas Metzler Thu, 4 Sep 2003 19:19:25 +0200 + +exim4 (4.22-3) unstable; urgency=low + + * Add copright notice of exiscan-acl to debian/copyright. + + -- Andreas Metzler Wed, 27 Aug 2003 17:49:46 +0200 + +exim4 (4.22-2) unstable; urgency=low + + * Include exiscan-acl patch 4.22-10 http://duncanthrax.net/exiscan-acl/ + in -heavy and -custom (Closes: #204698) + * clean up gnutls-params on purge of base-package. + + -- Andreas Metzler Wed, 27 Aug 2003 12:50:59 +0200 + +exim4 (4.22-1) unstable; urgency=low + + * new upstream version 4.22. Please take a look at README.UPDATING + and NewStuff in /usr/share/doc/exim4-base/ + + -- Andreas Metzler Mon, 18 Aug 2003 16:51:47 +0200 + +exim4 (4.20-5) unstable; urgency=low + + * Fix EHLO/HELO buffer-overflow CAN-2003-0698 (Closes: #205716) + * exim-gencert was using '.' as separator for chown. + * "head -n 1" instead of "head -1" in scripts + * install /etc/exim4/passwd.client as root:mail 0640 (Closes: #205104) + (it needs to be readable for the exim-user or -group, i.e. mail:mail) + * set mode_fail_narrower = false for mail_spool and maildir_home transports + (Closes: #204228) + * Standards-Version: 3.6.0, no changes required. + + -- Andreas Metzler Sat, 16 Aug 2003 17:40:17 +0200 + +exim4 (4.20-4) unstable; urgency=low + + * CFILEMODE and dc_local_interfaces were not saved in update-exim4.conf.conf + on fresh installations. + * update-exim4.conf: Remove comments _after_ doing DEBCONFpatternDEBCONF + replacement. + * conf.d/auth/30_exim4-config_examples: Fix forced failure of AUTH LOGIN + client on non-encrypted connections. + + -- Andreas Metzler Tue, 5 Aug 2003 10:38:16 +0200 + +exim4 (4.20-3) unstable; urgency=low + + * hub_user router: set correct .ifdef, remove superficial condition= + * don't generate main/03_exim4-config_neverusers dynamically, use + a DEBCONF_foo pattern that is replaced by up-ex4.conf. exim4 should + now play nicely with readonly /etc. + * Enable exim-filter in .forward per default. (Closes: #201827) + * Enable maildrop-delivery for users with ~/.mailfilter + * Easier setup of client side SMTP authentification: + -short README file. + -passwd.client example shipped in CONFDIR + -30_exim4-config_examples: + +change order, prefer cram-md5. + +enable by default (auth-plain and -login only for TLS protected + connections). They remain inactive while hosts_try_auth is + disabled. + * add comments listing the filename to the files in conf.d that were + changed anyway. Addresses part of 202040. + * remove misleading comments about "bottom of file" or "see below" + from config-snippets. (Closes: #202165) + * Disable orphaned inetd-entries from exim (v3) caused by bugs #202670 and + #182206 in exim4-config's postinst. I'll close #201143 manually. + * Restructure and clarify README.Debian and polish update-exim4.conf(8). + Thanks to Ross Boylan for pushing me in the correct direction. + + -- Andreas Metzler Thu, 24 Jul 2003 10:29:19 +0200 + +exim4 (4.20-2) unstable; urgency=low + + * update-exim4.conf works without daemon-package (Closes:#195329) + * Add dnslookup_relay_to_domains router for "internet" config to + allow relaying for domains with an MX pointing to an rfc1918 + address. (Closes: #198410) (MH) + * update-exim4.conf would hang if one of the subdirectories in conf.d + was empty. (Report and fix by Marc Merlin) + * Build-Depend on libgnutls7 + * Preserve comments in update-exim4.conf.conf by first adding missing + items and replacing the values with sed instead of regenerating file + from scratch (Closes: #184099) + * Set return_path_add, delivery_date_add and envelope_to_add for + maildir-transport (Closes: #196178) + * Use email-addresses file in /etc/ instead of in /etc/exim4 as exim3 does, + exim4-config now needs to conflict with exim,exim-tls. We still include + code for evaluating the old file if it exist, but suggest moving the + contents to the new file in NEWS.Debian. postinst will remove old orphaned + file if it is unmodified. (Closes: #197136) + * Set return_fail_output instead of return_output on address_pipe transport. + (Closes: #201280) + * Stop generating rewriting rules dynamically, exim4 accepts any + "address-list" item as source-pattern for rewriting. (Changelog entry + obfuscated on purpose, read exim4debian for painful details.). Remove old + dynamically generated files in postinst if they were managed by upex4conf. + * daemon-light supports TLS (Closes: #193596) + + -- Andreas Metzler Wed, 16 Jul 2003 13:36:27 +0200 + +exim4 (4.20-1) unstable; urgency=low + + * New upstream + * Standards-version 3.5.10 (no changes required) + * The doc packages have got new sane names - update Suggests. + * Fix a endless loop (currently ownly showing when upgrading from old + experimental packages) - Thanks to Marc Langer for the report. + * introduce ${Upstream-Version} as substitution variable for + debian/control (MH) + * Make dependencies less strict, *-daemon-* 12.34-1 can be installed with + -base 12.34-5. + + -- Andreas Metzler Mon, 19 May 2003 14:14:16 +0200 + +exim4 (4.14-1) unstable; urgency=low + + * Upload to sid (Closes: #179066) + * Ship an (empty) acl_check_data with commented out examples. Add + Infrastructure to ease their activation. (MH) + + -- Andreas Metzler Fri, 16 May 2003 18:02:46 +0200 + +exim4 (4.14-0.6) experimental; urgency=low + + * Don't link to gnutls' (tasn,gcrypt) dependencies directly + (Closes: #193018) + * fix AUTH PLAIN server side example to work if the data is not given + in initial-response (exim-bug 193094) + * ACL-updates (MH) + + -- Andreas Metzler Wed, 14 May 2003 12:16:06 +0200 + +exim4 (4.14-0.5) experimental; urgency=low + + * updated version of dlopen patch (Marc Merlin) + * don't regenerate files managed by update-exim4.conf on package + updates if the local admin had deleted them. + * replace the listenonpublic yes/no question with one that allows one to + specify on which interfaces to listen to (Closes: #190498) + * new dc-question for dial-on-demand-users to minimize DNS lookups + + -- Andreas Metzler Thu, 1 May 2003 16:03:59 +0200 + +exim4 (4.14-0.4) experimental; urgency=low + + * Renamed conf.d files from *exim4-base* to *exim4-config* since + they can now be found in the exim4-config package. + WARNING, this breaks updates. After installation, execute + something like the following bash snipped to rename your files: + for i in `find . -name *exim4-base*`; do mv $i ${i/exim4-base/exim4-config}; done + (MH) + * Include more sophisticated check_rcpt ACL, include documentation, + include even more sophisticate check_rcpt ACL in + /u/s/d/e4-config/examples/acl. (MH) + * update-exim4.conf now filters out consecutive empty lines (MH) + * make update-exim4.conf's behaviour for configtype=none more consistent, + respect CFILEMODE and --removecomments. (Thanks to Marc Merlin) + * add warning about editing /etc/exim4/exim4.conf in place (Marc Merlin) + * use .rul instead of .disabled to override/disable configfiles in + /etc/exim4/conf.d/ (Suggested by Marc Merlin) + * fix smtp auth client-side examples (Closes: #188828), thanks to Karl + M. Hegbloom for the bug report (AM) + * add @DPATCH@-tag to patches, as required by dpath-edit-patch in + dpatch 1.17 (AM) + + -- Andreas Metzler Fri, 25 Apr 2003 12:37:50 +0200 + +exim4 (4.14-0.3) experimental; urgency=low + + * add '|| true' to every call of db_input. (Thanks to Pierfrancesco Caci for + the bugreport.) (Closes: #187008) + * Don't set received_header_text in 02_exim4-base_options, use upstream's + default. + * renumber routers to have more space for local customization. + WARNING WARNING upgrade is broken, execute this in + /etc/exim4/conf.d/router to get rid of the superfluous files: + mv 20_exim4-base_domain_literal 100_exim4-base_domain_literal + mv 22_exim4-base_primary 200_exim4-base_primary + mv 24_exim4-base_real_local 300_exim4-base_real_local + mv 26_exim4-base_system_aliases 400_exim4-base_system_aliases + mv 28_exim4-base_hubuser 500_exim4-base_hubuser + mv 30_exim4-base_userforward 600_exim4-base_userforward + mv 32_exim4-base_procmail 700_exim4-base_procmail + mv 34_exim4-base_maildrop 800_exim4-base_maildrop + mv 36_exim4-base_local_user 900_exim4-base_local_user + * add *syntax_errors* directives to userforward router, to use partially + valid .forward files instead of skipping them. (Marc Haber) + * update mysql build-depends + + -- Andreas Metzler Wed, 9 Apr 2003 16:19:46 +0200 + +exim4 (4.14-0.2) experimental; urgency=low + + * upstream fix for crash with AUTH PLAIN + * upgrade to policy 3.5.9.0 (CFLAGS in debian/rules) + * Add (maildir) transport for handling file addresses generated by + alias or .forward files if the path ends in "/", enabled for .forward per + default, but not for /etc/aliases. Thanks to Andreas Horter. + * add debconf question to move files from exim3 spool to exim4 spool + * run exim_tidydb as mail:mail using start-stop-daemon + * Make manpages UTF-8 compatible with nicer quotes and escaped dashes. + * fakeroot debian/rules builddaemonpackages=exim4-daemon-custom \ + buildbasepackages=no binary produced a broken exim4-config package. + (Bug found by Soren Andersen) + * introduce new replacement item DEBCONFpackageversionDEBCONF holding + the complete version number, might be useful for Received headers (Marc + Haber) + + -- Andreas Metzler Thu, 27 Mar 2003 17:04:02 +0100 + +exim4 (4.14-0.1) experimental; urgency=low + + * New upstream version + * 20_fix.lsearch.dpatch not needed anymore + * use new feature .ifdef instead of simulating it with condition=... + * change priority of exim4-daemon-light to important + + -- Andreas Metzler Thu, 13 Mar 2003 15:03:41 +0100 + +exim4 (4.12-0.2) experimental; urgency=low + + * instead of generating 22_exim4-base_primary by copying the correct + file into it, use condition=... to select the correct one. Similar + change to 28_exim4-base_hubuser + + -- Andreas Metzler Thu, 6 Mar 2003 11:55:55 +0100 + +exim4 (4.12-0.1) experimental; urgency=low + + * minimal doc-updates + * init-script: output status-message before starting upex4conf() + * polish smtp-auth examples - don't hardcode passwords in main + configuration file. + * change default file-permissions of configfile to 0644. This can be changed + by setting CFILEMODE in the default file. + * rename debian/patches/*, giving each one an unambiguous number + * ignore private rfc1918 and APIPA addresses in internet router (MH) + * correct info about authorship of dlopen patch + * don't link exim4-daemon-light against PAM (explicitly link it against libdl) + * same_domain_copy_routing = yes for primrout-internet, primrout-satellite + and primrout-smarthost (MH) + * rename debconf.results to update-exim4.conf.conf, add upgrading-magic for + upgrading from 4.12-0 and earlier (marked as REMOVEMEBEFORERELEASE) + * introduce REMOVEMEBEFORERELEASE-tag, grep -r on debian/ will show us all + the cruft that needs to be removed before uploading to unstable. + + -- Andreas Metzler Wed, 5 Mar 2003 19:03:59 +0100 + +exim4 (4.12-0) experimental; urgency=low + + * removed TODO marker from the copyright file + * version number for first Debian upload + * built i386 binary package on sid + + -- Marc Haber Fri, 21 Feb 2003 14:40:42 +0100 + +exim4 (4.12-0.0.21) experimental; urgency=low + + * update copyright + * exim-gencert: generate certificates valid for three years instead 30 + days + * remove debian/debconf/exim4.conf.template + * enable LMTP, LOOKUP_NIS and mailstore for daemon-light + + -- Andreas Metzler Fri, 21 Feb 2003 12:55:40 +0100 + +exim4 (4.12-0.0.20) experimental; urgency=low + + * ship /usr/lib/exim4/exim4 and use it to check whether daemon package + is installed. + * Exim doesn't require a HUP after logrotation. (See spec 44.2) (MH) + + -- Andreas Metzler Thu, 20 Feb 2003 19:23:45 +0100 + +exim4 (4.12-0.0.19) experimental; urgency=low + + * Ship upstream-changelog only in exim4-base, Symlinks in packages depending + on it. Split off changelog entries up to 3.34-1 to changelog.Debian.old + which is only included in exim4-base. - Spares about 100KB. + * Ship ACKNOWLEDGMENTS in exim4-base docs. + * remove debian/exim4-config.docs, files are already shipped in exim4- + base + * disable some the unneeded dh_* commands from binary-indep target. + * make exim4 a metapackage + + -- Andreas Metzler Thu, 20 Feb 2003 12:41:17 +0100 + +exim4 (4.12-0.0.18) experimental; urgency=low + + * split off all configuration to exim4-config + * include exim4-config-simple source package + * include script to generate exim4-config source package + * changed distribution to experimental + * Add patch by Phil Hazel to fix lsearch*@ lookups. (AM) + * Remove exim4-daemon-perl; merge it into exim4-daemon-heavy (AM) + * Prepare removal of "exim4" daemon-flavour: Exchange the roles of + "exim4" and "exim4-daemon-light" in debian/rules: build helper + binaries, eximon, et.al. while building exim4-daemon-light. Rename + EDITME.exim4-base.diff to EDITME.exim4.diff. (AM) + ----- + WARNING: This breaks your debian/EDITME.exim4-custom.diff, as it was + generated to show the differences to debian/EDITME.exim4-base instead of + EDITME.exim4-light. (AM) + ----- + + -- Marc Haber Tue, 18 Feb 2003 16:16:45 +0100 + +exim4 (4.12-0.0.17) unstable; urgency=low + + * mv 26_exim4-base_aliases 26_exim4-base_system_aliases (MH) + * mv 30_exim4-base_forward 30_exim4-base_userforward (MH) + * WARNING: upgrades are broken! + -After ugrading delete conffiles no longer in package in directories + below /etc/exim4/conf.d/: + router/26_exim4-base_aliases + router/30_exim4-base_forward + * all file names for transports and routers are now consistent with + Transport/Router defined inside (MH) + * add debug_print to all transports/routers (MH) + * add cut -d\ -f1 to all md5sum calls in pipes (MH) + * add man page for exiqgrep (MH) + * fix typos in exiqsumm and exicyclog man page (MH) + * Don't install exim.8.diff as manpage, apply the patch instead. (AM) + + -- Andreas Metzler Sat, 15 Feb 2003 16:35:26 +0100 + +exim4 (4.12-0.0.16) unstable; urgency=low + + * Define CONFDIR-macro and use it in update-exim4.conf and some files in + CONFDIR. (AM) + * Enhance update-exim4.conf: remove comments by default, allow to write + output to a different file. (AM) + * update-exim4.conf: check validity of configfile before installing it + * fix breakage with newer md5sum - thanks to Sander (AM) + * check in init-script for smtp-service in inetd that is compatible with + openbsd-inetd's extended syntax (Hubert Chan) (AM) + * Don't link against libwrap, exim3 doesn't either (Alexander Koch) (AM) + + -- Andreas Metzler Fri, 14 Feb 2003 19:55:54 +0100 + +exim4 (4.12-0.0.15) unstable; urgency=low + + * If exim4/dc_listenonpublic=false add an explaing line to the + resulting configfile instead of a blank-line (Marc Haber) + * In postinst and cronjob make sure that db files are owned by + mail:mail + * Add buzzword convert4r4 to description of "No configuration" profile + * Body of manpage exim_convert4r4: s/convert4r4/exim_convert4r4/g + * Change maintainer, add Marc Haber to Uploaders + + -- Andreas Metzler Sun, 2 Feb 2003 22:06:06 +0100 + +exim4 (4.12-0.0.14) unstable; urgency=low + + * fix bugs found by Marc Haber: + - search for email-addresses file in /etc/exim4/ + - s/hostname -fqdn/hostname --fqdn/ + * exim4-base.config: don't grep in /etc/aliases if does not exist yet. + * clear up config-script, using both $mailname and $dc_mailname was + irritating. + * fix wrong logic for aliases generation (= instead of !=) + * fix major breakage of debconf code: config-script is called two times + _before_ postinst writes debconf.results, db_set-commands (for sane + defaults) in the second-run overwrote the answers given by the user. + + -- Andreas Metzler Sat, 1 Feb 2003 15:06:58 +0100 + +exim4 (4.12-0.0.13) unstable; urgency=low + + * link against GNUTLS + + -- Andreas Metzler Fri, 31 Jan 2003 16:32:31 +0100 + +exim4 (4.12-0.0.12) unstable; urgency=low + + * clean up at purge: Remove logfiles, ask about removing + undelivered mails in spool directory. + + -- Andreas Metzler Fri, 31 Jan 2003 13:32:37 +0100 + +exim4 (4.12-0.0.11) unstable; urgency=low + + * clean up update-exim4.conf: + + fix unconditional overwriting 03_exim4-base_neverusers + + one central `tempfile -m...` + + add skeleton function example + * add missing 'set -e' to exim4-base.postrm + * If there are no debconf answers and we are making a cross upgrade + from exim3, try to parse its config file to seed debconf db. + + -- Andreas Metzler Sun, 26 Jan 2003 12:22:23 +0100 + +exim4 (4.12-0.0.10) unstable; urgency=low + + * Get rid of error messages: don't call chmod/chown in + debconf/update-exim4.conf if the respective files don't exist. Don't try + to kill non running daemons. + * Don't start unconfigured daemon in init script, ie. require either + ${dc_eximconfig_configtype}" != "xnone or existence of handcrafted + /etc/exim4/exim4.conf. + Thanks to Alexander Koch for firmly pushing me this way. + * dc_listenonpublic was overwritten to true in config script. + * Typo in exim4-base.postrm prevented removal of + /etc/exim4/conf.d/router/28_exim4-base_hubuser + * Clean up /var/spool/exim4 properly; at least if there are just empty + directories. + * hub_user was broken because of unescaped $. + * import updated 10_daemon_close_fds.dpatch from Steve. + * only set neverusers if root is aliased somewhere. + + -- Andreas Metzler Fri, 24 Jan 2003 17:14:13 +0100 + +exim4 (4.12-0.0.9) unstable; urgency=low + + * update-exim4defaults: Fix bugs, add option --init + * /etc/default/exim4 is no conffile anymore, it is generated with + update-exim4defaults. + + -- Andreas Metzler Fri, 17 Jan 2003 13:39:46 +0100 + +exim4 (4.12-0.0.8) unstable; urgency=low + + * Don't ship now unneeded empty /var/lib/exim4/masquerade and + /var/lib/exim4/email_addresses + * move hub_user router to /etc/e4/c.d/ + * move primary-router definition to /etc/e4/c.d/ + * code in debian/rules installing /etc/exim4/conf.d/ tree ignores CVS + directories + * WARNING: upgrades from 0.0.6 and 0.0.7 are broken! + -After ugrading delete conffiles no longer in package in directories + below /etc/exim4/conf.d/: + rewrite/30_exim4-base + router/28_exim4-base_hub_user + - replace router/22_exim4-base_primary with a file containg only + the line "# d41d8cd98f00b204e9800998ecf8427e" + run update-exim4.conf afterwards and start daemon. + + -- Andreas Metzler Tue, 14 Jan 2003 17:44:50 +0100 + +exim4 (4.12-0.0.7) unstable; urgency=low + + * Add configuration file managment code using md5sums stored in the file + itself to update-exim4.conf(8). Use it and move files for evaluation of + /e/e4/email-addresses and the masquerading rules from /var/lib/exim4 to + /etc/. Gets rid of /etc/exim4/conf.d/rewrite/30_exim4-base and its two + .includes. + + -- Andreas Metzler Tue, 14 Jan 2003 13:05:51 +0100 + +exim4 (4.12-0.0.6) unstable; urgency=low + + * generate up to date manpage for eximstats with pod2man. + * EXPERIMENTAL: Split /etc/exim4/exim4.conf.template to little files + in /etc/exim4/conf.d/ - update docs accordingly. + * fix wrong path in exim4-base.doc-base.spec + + -- Andreas Metzler Sun, 12 Jan 2003 18:25:40 +0100 + +exim4 (4.12-0.0.5) unstable; urgency=low + + * enhance default-file a lot. + * ship update-exim4defaults(8) - a script to allow other packages to modify + the default-file. + + -- Andreas Metzler Mon, 6 Jan 2003 23:00:15 +0100 + +exim4 (4.12-0.0.4) unstable; urgency=low + + * Compile perl plugin with -fPIC + * Enable IPv6 support (Andrew Mulholland) + * remove exim4-base.cron.d, it only contained comments (no inetd support). + * enhance default-file: Allow disabling any queue runs and passing + additional options to exim daemon and/or the queuerunner. + + -- Andreas Metzler Sun, 5 Jan 2003 13:16:37 +0100 + +exim4 (4.12-0.0.3) unstable; urgency=low + + * Keep patches separate to make upgrading easier, using dpatch. + * Rename eximon to eximon4: Otherwise this would force anybody who has + installed eximon and runs exim v3 to switch to exim v4 + * Polish package descriptions a little bit. + * Drop Recommends for netbase. We don't support inetd anyway. + + -- Andreas Metzler Tue, 31 Dec 2002 14:31:14 +0100 + +exim4 (4.12-0.0.2) unstable; urgency=low + + * Actually compile with -O2 (Matthias Klose) + * Apply localscan_dlopen.patch from + http://marc.merlins.org/linux/exim/files/sa-exim-current/ to make it + possible to switch local_scan functions *without* recompiling exim. + * compile local_scan.c perl plugin as shared object that is dlopened, + document this in exim4-daemon-perl's description and doc-directory. + + -- Andreas Metzler Sat, 21 Dec 2002 14:01:24 +0100 + +exim4 (4.12-0.0.1) unstable; urgency=low + + * New upstream 4.12, a strict maintenance release. Without any new features + (Don't worry - this is the real release i.e. Phil's third shot ;-) + + -- Andreas Metzler Wed, 18 Dec 2002 12:17:51 +0100 + +exim4 (4.11-0.0.4) unstable; urgency=low + + * Get rid of /usr/lib/exim4/exim (see README.Debian for patched files) + * Use relative paths in debian/eximon.dirs + + -- Andreas Metzler Tue, 17 Dec 2002 13:40:19 +0100 + +exim4 (4.11-0.0.3) unstable; urgency=low + + * fix dbm lookups (one-line patch to src/search.c) + + -- Andreas Metzler Fri, 13 Dec 2002 13:38:31 +0100 + +exim4 (4.11-0.0.2) unstable; urgency=low + + * Fresh installs were broken, as the initial test in update-exim4.conf + failed. + * update-exim4.conf exits silently if /etc/exim4/exim4.conf exists. + * don't invoke update-exim4.conf in postinst if configtype=none. + + -- Andreas Metzler Wed, 11 Dec 2002 16:32:47 +0100 + +exim4 (4.11-0.0.1) unstable; urgency=low + + * New upstream version 4.11: + includes spec und util/* in orig.tar.gz, diff is small again. + see NewStuff items 49 to 57 for new features since snapshot 4.10.13. + + -- Andreas Metzler Wed, 11 Dec 2002 13:01:07 +0100 + +exim4 (4.10.13-0.0.4) unstable; urgency=low + + * reformat manpages a little bit, start each sentence on a new line, refer + to /usr/share/doc/exim4-base/ + * remove the %s from PID_FILE_PATH + * apply debian/fix-pid.issue.patch to fix minor security issue + http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html + * test in init-script for working config before reloading/restarting + (Andreas Piesk) + + -- Andreas Metzler Thu, 5 Dec 2002 13:04:51 +0100 + +exim4 (4.10.13-0.0.3) unstable; urgency=low + + * update copyright from NOTICE + * Typos in exim(8) + + -- Andreas Metzler Wed, 4 Dec 2002 10:35:18 +0100 + +exim4 (4.10.13-0.0.2) unstable; urgency=low + + * Fix path for eximon.bin in eximon script (Andreas Piesk) + * Add comments at the head of exim4.conf.template, containing a short + introduction to the configuration scheme. + + -- Andreas Metzler Tue, 3 Dec 2002 23:52:28 +0100 + +exim4 (4.10.13-0.0.1) unstable; urgency=low + + * Snapshot 4.10.13 + * CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated + * update update-exim4.conf* and documentation accordingly. + * Generate config.autogenerated with same permissions as + /etc/exim4/exim4.conf.template (it might conatain passwords) + * Add BIG FAT warning at head of autogenerated file. + * don't ship /var/lib/exim4/config.autogenerated, simply remove it on + purge if it exists. + + -- Andreas Metzler Mon, 2 Dec 2002 12:45:58 +0100 + +exim4 (4.10.12-0.0.1) unstable; urgency=low + + * Upgrade to testing snapshot 4.10.12 + * patches accepted/superseded by upstream: exim4-MID-expanded.patch, hmac*, + perl.c.patch + * patches that do not apply cleanly anymore: bV_shows_openssl_version.txt, + daemon_close_fds.txt, gcc_attributes-eximon.diff, gcc_attributes.txt, + tls_common.txt, tls_misc.txt, tls_session_cache.txt. + * minimize changes to scripts/exim_install - use INSTALL_ARG=-no_symlink instead. + * no util/cramtest.pl util/logargs.sh util/unknownuser.sh in upstream + tarball - perhaps only in testing version? + + -- Andreas Metzler Thu, 28 Nov 2002 16:11:52 +0100 + +exim4 (4.10-0.srh20.19) unstable; urgency=low + + * ship convert4r4 as /usr/sbin/exim_convert4r4 (with manpage) + * eximon does not provides/Conflicts: exim4-daemon + * switch AGAIN *-daemon provides MTA: + - *-daemon depends on -base instead of the other way round + - explicit "conflicts/replaces: exim, exim-tls" for the base package - + these need to add this the other way round, too (TODO). + - move symlinks for sendmail, mailq, rmail, rsmtp and their manpages (+the one + for newaliases) to the daemon-packages. + - no more non-debhelper-generated exim4-base.prerm, simplified + *daemon.postinst + * try to start daemon in postinst no matter whether configtype=none, people + might use it with a handcrafted exim4.conf. + * register /var/lib/exim4/email_addresses for dpkg. + + -- Andreas Metzler Sun, 24 Nov 2002 15:04:32 +0100 + +exim4 (4.10-0.srh20.18) unstable; urgency=low + + * add "Replaces: exim4-daemon" to all the daemon flavours, needed for + switching. + * Marc Haber: + make exim4-daemon-custom actually work. + building from CVS was broken + clean target missed Local/eximon.conf + * exim-daemon-perl recommends libexim-localscan-perl + + -- Andreas Metzler Thu, 21 Nov 2002 17:04:54 +0100 + +exim4 (4.10-0.srh20.17) unstable; urgency=low + + * add support for building a customized daemon (exim4-daemon-custom) + * tighten build-depends: official exim4-base linked against db3 won't + work well together with exim4-daemon-custom linked against libdb2 + * ship compile time configuration (EDITME-files) in /usd/daemon-flavour. + * use /var/mail instead of /var/spool/mail (#169747) + * make uucp a trusted user. (#169545) + + -- Andreas Metzler Sun, 17 Nov 2002 23:06:29 +0100 + +exim4 (4.10-0.srh20.16) unstable; urgency=low + + * fix Gecos pattern: 'From: "Andreas Metzler,,," Sat, 9 Nov 2002 10:12:34 +0100 + +exim4 (4.10-0.srh20.15) unstable; urgency=low + + * Fix crash with perl 5.8 (threads), thanks to Eckebrecht von Pappenheim + + * perl-package: search local_scan.pl in /etc/exim4 instead of /etc/exim. + + -- Andreas Metzler Wed, 6 Nov 2002 22:46:12 +0100 + +exim4 (4.10-0.srh20.14) unstable; urgency=low + + * add /etc/default/exim4 (#123184, #95325) + * Don't start a queue runner with cron per default, exim runs as daemon. + * polish config-script: more states, strip blanks. + * Ask whether to bind to all local interfaces or only to localhost with sane + default depending on configtype. (#108853) + + -- Andreas Metzler Thu, 31 Oct 2002 14:05:50 +0100 + +exim4 (4.10-0.srh20.13) unstable; urgency=low + + * send stdout of logrotate postrotate-script to /dev/null + * polish exim4-base.postinst and exim4-base.templates + * use tcp-wrappers + * simplify update-exim4.conf. There is no need to only add remote_smtp + transport for special configurations. It does not hurt and should make it + easy for users to activate smtp-auth. + * install configration example to examples subdirectory + + -- Andreas Metzler Tue, 29 Oct 2002 08:42:42 +0100 + +exim4 (4.10-0.srh20.12) unstable; urgency=low + + * linked against external pcre + * clean up a little bit - move all manpages to debian/manpages/ + * ship template /etc/exim4/email-addresses + * LFS support (-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE) + * Don't force sender verification by default + * I actually use this version. + + -- Andreas Metzler Sun, 27 Oct 2002 17:10:16 +0100 + +exim4 (4.10-0.srh20.11) unstable; urgency=low + + * if HUPed exim will rexec itself as /usr/lib/exim4/exim, changing the name + to exim - start-stop-daemon-daemon would not recognize it. Changed + init.script to exec /usr/lib/exim4/exim to set the processname to "exim". + This needs to be deuglified. + * use black magic in daemon-$flavour postinst to only start it there if + switching flavours. + * support for inetd has to wait for sarge+1 + * fix description of 'exim4' daemon flavour. + + -- Andreas Metzler Sat, 26 Oct 2002 11:09:14 +0200 + +exim4 (4.10-0.srh20.10) unstable; urgency=low + + * don't provide symlink /usr/sbin/exim anymore - this broke coinstallation + with uninstalled exim 3 - the exim3-init script started the exim4-daemon. + Ship symlink /usr/lib/exim4/exim -> /usr/sbin/exim4 and set BIN_DIRECTORY + to /usr/lib/exim4. This is a little bit ugly but the alterative would be to + patch 7 files in src. + * the daemon packages conflict with each other by each having + Conflicts/Provides: exim4-daemon + * Add doc base support for spec and filter.txt (bug 165961) + * Switching daemon flavours restarts them. + + -- Andreas Metzler Fri, 25 Oct 2002 16:14:44 +0200 + +exim4 (4.10-0.srh20.9) unstable; urgency=low + + * apply exim4-MID-expanded.patch - make domain part of M-ID configurable. + Shipped in debian-subdir so it can be easily patch -R'd before official + debian release. + * set spool to /var/spool/exim4 in EDITME + * remove /var/run/exim4 on purge + * remove /var/(spool|log)/exim4 on purge if empty + * added manpages. + * allow relay for 127.0.0.1 : ::::1 + * set host_find_failed = defer for smarthost router and mimick exim3. It + really sucks to get a frozen message and error to the postmaster _every_ + time I try to send a message offline. + + -- Andreas Metzler Thu, 24 Oct 2002 14:00:05 +0200 + +exim4 (4.10-0.srh20.8) unstable; urgency=low + + * info and html doc generated from separate source package - diff is + small + * remove m4 and texinfo from build-depends + + -- Andreas Metzler Thu, 24 Oct 2002 12:22:56 +0200 + +exim4 (4.10-0.srh20.7) unstable; urgency=low + + * config script as state machine - allows going back! + * hopefully last forgotten entry of /var/{spool,log,run}/exim in postinst + and cron.* fixed. + + -- Andreas Metzler Thu, 24 Oct 2002 09:16:12 +0200 + +exim4 (4.10-0.srh20.6) unstable; urgency=low + + * generate /etc/aliases with debconf + * remove dpkg-statoverride managment with debconf, ship exim binary as 4755 + root:root. + * update debian/copyright from NOTICE. + * add (commented out) maildrop-transport to template + * add (commented out) maildir-transport to template + * Remove some backslashes in template + * Fix *lots of* cut and paste errors, introduced by generating the + configuration template from the debconf_eximconfig perl script. + $local_delivery is wrong, define macro LOCAL_DELIVERY and use it instead. + Remove erranous backslashes. + * Add comments from the example configuration file to template. + * host and domain lists are colon separated. + + -- Andreas Metzler Mon, 21 Oct 2002 22:37:45 +0200 + +exim4 (4.10-0.srh20.5) unstable; urgency=low + + * new debconf-code: + - shell scripts + - debconf-results are saved (and read from) /etc/exim4/debconf.results + - /etc/exim4/exim4.conf.template is a dpkg-conffile + - update-exim4.conf(8) merges these two files and generates exim's main + configuration file /var/lib/exim4/exim4.conf. + + -- Andreas Metzler Sat, 19 Oct 2002 19:23:35 +0200 + +exim4 (4.10-0.srh20.4) unstable; urgency=low + + * symlink usr/sbin/exim4 <-> usr/sbin/exim in -base package was wrong. + * move invoke-rc.d to -base package - _it_ contains the init-script + * move stat-overide-stuff to -base package. - The values are filled in _its_ + config. + * missing stuff from log/exim4 run/exim4 transition: exim-base + maintainerscripts. + * Daemon-packages have only debconf stuff left as maintainerscripts. How + about letting dh_installinit manage the initscript? + * exim4-base.postrm has no business removing /etc/exim/exim.conf + + -- Andreas Metzler Fri, 18 Oct 2002 14:40:46 +0200 + +exim4 (4.10-0.srh20.3) unstable; urgency=low + + * /etc/exim4/... + * fix cronjob: Test for existence of /etc/exim4/exim4.conf - it formerly + tested for exim3's configuration file + * /usr/lib/exim/ --> /usr/lib/exim4/ -- Put eximon.bin there, too. + + -- Andreas Metzler Fri, 18 Oct 2002 13:43:37 +0200 + +exim4 (4.10-0.srh20.2) unstable; urgency=low + + * more changes: + * /var/log/exim/ --> /var/log/exim4/ + * /var/run/exim/ --> /var/run/exim4/ + * /etc/init.d/exim --> /etc/init.d/exim4 + * Use files named after the real package (exim4-base instead of) exim for + cron and logrotate. - use dh_installlogrotate and dh_installcron + * Don't install exim.8 manpages in daemon packages - symlink is enough, ship + real manpage in base-package. - use dh_installman. + * Get rid of m4-magic - without the alternatives there is no need. + + -- Andreas Metzler Thu, 17 Oct 2002 23:52:31 +0200 + +exim4 (4.10-0.srh20.1) unstable; urgency=low + + * rename package, replace dependencies. + - src: exim4 + - binary exim(-something) --> exim4-something + - Remove Provides: exim - does not make sense anymore, dselect/apt + would take the real exim instead of the provided one. + - Revamp Dependencies and contents + * exim4-base provides/confl/repl: mta and depends on one of *our* + flavours + * each of the flavours only contains only /usr/sbin/exim4 and a manpagelink + exim4--->exim - there is no need to provides/confl/repl: mta, because + we ship no common file with the same name as in the original + exim4-package + - drop alternatives. + - install configuration example to /usr/share/doc/exim4-doc/examples + + -- Andreas Metzler Thu, 17 Oct 2002 17:58:08 +0200 + +exim (4.10-0.srh20) unstable; urgency=low + + * exim-base.config fixes during testing-- need to run debconf subs in a + list context to get their numeric return code. + * enqueue_question(): $code == 0 is ok too + * main: call fetch_default() not find_default() [when did I last test this?] + * install debconf_eximconfig (!!!!!!) + + -- Steve Haslam Wed, 16 Oct 2002 21:50:27 +0100 + +exim (4.10-0.srh19) unstable; urgency=low + + * Move the eximon binary into the eximon package! + + -- Steve Haslam Wed, 16 Oct 2002 19:36:48 +0100 + +exim (4.10-0.srh18) unstable; urgency=low + + * The clean: target now deletes doc/tmp + + -- Steve Haslam Wed, 16 Oct 2002 18:10:29 +0100 + +exim (4.10-0.srh17) unstable; urgency=low + + * Slave alternatives for "rmail" too. + * Changed libxaw-dev in build-depends to libxaw7-dev | libxaw-dev + * Added libperl-dev and m4 to build-depends + + -- Steve Haslam Wed, 16 Oct 2002 17:19:40 +0100 + +exim (4.10-0.srh16) unstable; urgency=low + + * Put --exec $DAEMON back on the start-stop-daemon --stop calls, since + start-stop-daemon complains about the process not being found after it + just killed it. (Due to Exim not removing its own pid file?) + * Point slave alternatives at .gz versions of manpages + + -- Steve Haslam Wed, 16 Oct 2002 16:12:08 +0100 + +exim (4.10-0.srh15) unstable; urgency=low + + * Fix "update-alternatives --remove" invocation. + * Remove alternatives AFTER stopping daemon. + * Use logrotate to cycle logs. + * Manually install logrotate/cron stuff, to call it "exim" instead of "exim-base". + * Install upstream exim.8 manpage, and slave alternatives. + + -- Steve Haslam Wed, 16 Oct 2002 15:44:56 +0100 + +exim (4.10-0.srh14) unstable; urgency=low + + * dh_installinit: pass --noscripts, put the script invocation etc. in + ourselves. This is still pretty nasty, but ensures that the deamons + are stopped/started themselves, not by exim-base. + * Also, pass --init-script=exim to use /etc/init.d/exim, not + /etc/init.d/exim-base. + * Fix some inconsistencies in the postsinst related to the above that + made lintian scream + * Remove the --exec option when stopping the daemon in the init script, + so that we still stop the daemon if the symlink changed to point to a + different version (hacky). + + -- Steve Haslam Wed, 16 Oct 2002 14:51:19 +0100 + +exim (4.10-0.srh13) unstable; urgency=low + + * Bah, fix paths of mailq etc. to be in /usr/bin, not /usr/lib + + -- Steve Haslam Wed, 16 Oct 2002 14:08:45 +0100 + +exim (4.10-0.srh12) unstable; urgency=low + + * The postinsts were totally broken, doing everything off the "install" + target, and nothing off "configure". Since they're all pracitcally the + same, they are now generated from daemon-postinst.m4. + * Fix invocations of dpkg-statoverride (sysuser??) + * Added slave alternatives for mailq, sendmail etc. + * Removed daemon packages conflicting with mail-transport-agent, + although this isn't good-- the deamon packages don't conflict with + each other (they use alternatives to arrange themselves), but do + conflict with other MTAs that install + /usr/lib/sendmail|/usr/sbin/sendmail links. Urnf. + * Similar generation system for prerms as postinsts + + -- Steve Haslam Wed, 16 Oct 2002 13:47:53 +0100 + +exim (4.10-0.srh11) unstable; urgency=low + + * Urnf, nasty circular dependencies. Removed exim-base's dependency on exim-daemon. + * Fix "use strict" errors in exim-base.config (oops) + + -- Steve Haslam Wed, 16 Oct 2002 13:10:25 +0100 + +exim (4.10-0.srh10) unstable; urgency=low + + * Patch src/expand.c with HMAC support + * Rename exim-daemon-default package to just "exim", so upgrading works + better, and exim isn't made into a pure virtual package while other + packages depend on it. Moreover, mail-transport-agent is provided by + each of the daemon packages, not exim-base, since having exim-base + alone is not sufficient to have an MTA. + * Each exim daemon package depends on exim-base, not exim. + + -- Steve Haslam Wed, 16 Oct 2002 12:52:19 +0100 + +exim (4.10-0.1) unstable; urgency=low + + * Heavy changes to build system. + * Split package into: + - exim-base: This package contains all utility programs and + documentation in plain text format. + - exim-daemon-$FOO: (Currently for FOO in light, default, heavy, + perl): Conain only the exim daemon in different configurations + - exim-doc-info: Contains exim documentation in Info format. + - eximon: The X11 monitor for Exim + + -- Hilko Bengen Wed, 2 Oct 2002 17:23:04 +0200 + +exim (4.10-0.srh4) unstable; urgency=low + + * exim.c: Show the OpenSSL version number if TLS compiled in and the tls + debug selector enabled. + * exim.postinst et al: Keep the alternatives configured between upgrades + (naughty) since exim-light will fail to start if exim-heavy keywords + are in the config file + + -- Steve Haslam Fri, 13 Sep 2002 16:08:47 +0100 + +exim (4.10-0.srh3) unstable; urgency=low + + * tls.c: Some debug output changes to verify_callback() + * debconf_eximconfig: add more escaping when writing acl_check_rcpt + * tls.c and others: ${tls_peercn} now expands to the CN part of the + peer's certificate subject when using TLS. + * transports/smtp.c and others: Added tls_verify_hostname option to + verify the hostname we connected to against the CN/subjectAltName + of the peer certificate. + + -- Steve Haslam Fri, 13 Sep 2002 15:44:07 +0100 + +exim (4.10-0.srh2) unstable; urgency=low + + * exim-heavy.postinst: had duplicate sendmail alternative, removed. Had + a priority the same as exim-light too... increased. + * Replace LOOKUP_CDB=yes in exim-light configuration, since it was in + the Exim 3 package and doesn't bring in any dependencies. + * exim.postinst: delete files from /var/spool/exim/db if they cannot be + read by exim_dumpdb (some DB compatibility lossage) + + -- Steve Haslam Tue, 3 Sep 2002 13:28:44 +0100 + +exim (4.10-0.srh1) unstable; urgency=low + + * My stab at an Exim 4 package. Features include: + * An exim-heavy package that contains an Exim binary with LDAP, + MySQL, PostgreSQL etc. in, so that the main Exim package's + dependencies are kept thin but users can easily get hold of + the extra lookup types. + * Debconf-based configuration, although it has priority=high + questions, so not completely noninteractive yet, and not + all features of eximconfig have been ported/checked + * Automated conversion of Exim 3 configuration files + (using PH's convert4r4) + + -- Steve Haslam Tue, 3 Sep 2002 10:20:24 +0100 + +exim (3.35-1.srh1) unstable; urgency=low + + * Reconfigured to include MySQL and PostgreSQL lookups + + -- Steve Haslam Fri, 9 Aug 2002 15:52:37 +0100 + +exim (3.35-1) unstable; urgency=low + + * New upstream version, fixes buffer overflow (Closes: #135069) + * debian/config: Added receiver_try_verify (Closes: #136276) + * debian/init.d: Use --retry 30 option for start-stop-daemon when + stopping exim (Closes: #136450) + * debian/postinst: "noninteractive" in correct case (Closes: #134379) + * debian/init.d: Use -n option for echo (from patch in #133288) + * debian/exim_lock.8: Manpage for exim_lock - thanks Nick Philips + (Closes: #131679) + * debian/config: Fixed comment on smtp_accept_queue_per_connection + (Closes: #136756) + * debian/exim.8,debian/eximon.8: Fixed hyphenation (Closes: #132068) + * debian/control: Short description improved (Closes: #130698) + + -- Mark Baker Mon, 4 Mar 2002 23:04:52 +0000 + + diff --cc debian/control index ead6280,0000000..25b073d mode 100644,000000..100644 --- a/debian/control +++ b/debian/control @@@ -1,353 -1,0 +1,353 @@@ +Source: exim4 +Section: mail +Priority: standard +Maintainer: Exim4 Maintainers +Uploaders: Andreas Metzler ,Marc Haber +Homepage: http://www.exim.org/ +Standards-Version: 3.9.6 +#Vcs-Git: git://git.debian.org/git/pkg-exim4/exim4.git +#Vcs-Browser: http://git.debian.org/?p=pkg-exim4/exim4.git +Vcs-Git: git://anonscm.debian.org/pkg-exim4/exim4.git +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-exim4/exim4.git +Build-Depends: debhelper (>= 7.0.15), po-debconf, docbook-xsl, xsltproc, + lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev, + libident-dev, libdb5.3-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev, + libxaw7-dev, libpq-dev, libmysqlclient-dev | libmysqlclient15-dev, + libsqlite3-dev, libperl-dev, libgnutls28-dev, libsasl2-dev +XS-Testsuite: autopkgtest + +Package: exim4-base +Architecture: any +Breaks: exim4-daemon-light (<<${Upstream-Version}), + exim4-daemon-heavy (<<${Upstream-Version}), + exim4-daemon-custom (<<${Upstream-Version}) +Conflicts: exim, exim-tls +Replaces: exim, exim-tls, exim4-daemon-light, exim4-daemon-heavy, exim4-daemon-custom +Depends: ${shlibs:Depends}, ${misc:Depends}, + cron | cron-daemon | anacron | fcron, + exim4-config (>=4.82) | exim4-config-2, adduser, netbase, lsb-base (>= 3.0-6) +# psmisc just for exiwhat. +Recommends: psmisc, mailx, perl-modules +Suggests: mail-reader, eximon4, exim4-doc-html|exim4-doc-info, + gnutls-bin | openssl, file, spf-tools-perl, swaks +Description: support files for all Exim MTA (v4) packages + Exim (v4) is a mail transport agent. exim4-base provides the support + files needed by all exim4 daemon packages. You need an additional package + containing the main executable. The available packages are: + . + exim4-daemon-light + exim4-daemon-heavy + . + If you build exim4 from the source package locally, you can also + build an exim4-daemon-custom package tailored to your own feature set. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-config +Architecture: all - Breaks: exim4-daemon-light (<<4.82~rc1), exim4-daemon-heavy (<<4.82~rc1) ++Breaks: exim4-daemon-light (<<4.84.2), exim4-daemon-heavy (<<4.84.2) +Provides: exim4-config-2 +Conflicts: exim, exim-tls, exim4-config, exim4-config-2, ${MTA-Conflicts} +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser +Description: configuration for the Exim MTA (v4) + Exim (v4) is a mail transport agent. exim4-config provides the configuration + for the exim4 daemon packages. The configuration framework has been split + off the main package to allow sites to replace the configuration scheme + with their own without having to change the actual exim4 packages. + . + Sites with special configuration needs (having a lot of identically + configured machines for example) can use this to distribute their own + custom configuration via the packaging system, using the magic + available with dpkg's conffile handling, without having to do local + changes on all of these machines. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-light +Architecture: any +Provides: mail-transport-agent, exim4-localscanapi-1.0, exim4-localscanapi-1.1, default-mta +Conflicts: mail-transport-agent +Replaces: mail-transport-agent, exim4-base (<= 4.61-1) +Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, ${misc:Depends} +Description: lightweight Exim MTA (v4) daemon + Exim (v4) is a mail transport agent. This package contains the exim4 + daemon with only basic features enabled. It works well with the + standard setups that are provided by Debian and includes support for + TLS encryption and the dlopen patch to allow dynamic loading of a + local_scan function. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4 +Architecture: all +Depends: ${misc:Depends}, debconf (>= 1.4.69) | cdebconf (>= 0.39), + exim4-base (>= ${source:Version}), + exim4-base (<< ${source:Version}.1), + exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom +Description: metapackage to ease Exim MTA (v4) installation + Exim (v4) is a mail transport agent. exim4 is the metapackage depending + on the essential components for a basic exim4 installation. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-heavy +Architecture: any +Priority: optional +Provides: mail-transport-agent, exim4-localscanapi-1.0, exim4-localscanapi-1.1 +Conflicts: mail-transport-agent +Replaces: mail-transport-agent, exim4-base (<= 4.61-1) +Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, + ${misc:Depends} +Breaks: clamav-daemon (<< 0.95) +Description: Exim MTA (v4) daemon with extended features, including exiscan-acl + Exim (v4) is a mail transport agent. This package contains the exim4 + daemon with extended features. In addition to the features already + supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP, + sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication, + embedded Perl interpreter, and the content scanning extension + (formerly known as "exiscan-acl") for integration of virus scanners + and spamassassin. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +#Package: exim4-daemon-custom +#Architecture: any +#Priority: optional +#Provides: mail-transport-agent, exim4-localscanapi-1.0, exim4-localscanapi-1.1 +#Conflicts: mail-transport-agent +#Replaces: mail-transport-agent, exim4-base (<= 4.61-1) +#Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, ${misc:Depends} +#Description: custom Exim MTA (v4) daemon with locally set features +# Exim (v4) is a mail transport agent. This package contains a +# custom-configured exim4 daemon compiled to local needs. This package +# is not part of official Debian, but can easily be built from the +# Debian source package. For information about the feature set compiled in, +# and for bug reports, please find out who built your package. +# . +# The Debian exim4 packages have their own web page, +# http://wiki.debian.org/PkgExim4. There is also a Debian-specific +# FAQ list. Information about the way the Debian packages are +# configured can be found in +# /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains +# information about the way the Debian binary packages are built. The +# very extensive upstream documentation is shipped in +# /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven +# configuration process in a standard setup, invoke dpkg-reconfigure +# exim4-config. There is a Debian-centered mailing list, +# pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific +# questions there, and only write to the upstream exim-users mailing +# list if you are sure that your question is not Debian-specific. You +# can find the subscription web page on +# http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: eximon4 +Architecture: any +Priority: optional +Conflicts: eximon +Replaces: eximon +Depends: ${shlibs:Depends}, ${misc:Depends}, exim4-base (>= 4.10) +Description: monitor application for the Exim MTA (v4) (X11 interface) + Eximon is a helper program for the Exim MTA (v4). It allows + administrators to view the mail queue and logs, and perform a variety + of actions on queued messages, such as freezing, bouncing and thawing + messages. + +Package: exim4-dbg +Architecture: any +Priority: extra +Section: debug +Depends: exim4-base, exim4-config, ${misc:Depends} +Recommends: eximon4 +Description: debugging symbols for the Exim MTA (utilities) + Exim (v4) is a mail transport agent. This package contains + debugging symbols for the binaries contained in the exim4 + packages. The daemon packages have their own debug package. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-light-dbg +Architecture: any +Priority: extra +Section: debug +Depends: exim4-daemon-light, ${misc:Depends} +Description: debugging symbols for the Exim MTA "light" daemon + Exim (v4) is a mail transport agent. This package contains + debugging symbols for the binaries contained in the + exim4-daemon-light package. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-heavy-dbg +Architecture: any +Priority: extra +Section: debug +Depends: exim4-daemon-heavy, ${misc:Depends} +Description: debugging symbols for the Exim MTA "heavy" daemon + Exim (v4) is a mail transport agent. This package contains + debugging symbols for the binaries contained in the + exim4-daemon-heavy package. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +#Package: exim4-daemon-custom-dbg +#Architecture: any +#Priority: extra +#Section: debug +#Depends: exim4-daemon-custom, ${misc:Depends} +#Description: debugging symbols for the Exim MTA (v4) packages +# Exim (v4) is a mail transport agent. This package contains +# debugging symbols for the binaries contained in the +# exim4-daemon-custom package. +# . +# The Debian exim4 packages have their own web page, +# http://wiki.debian.org/PkgExim4. There is also a Debian-specific +# FAQ list. Information about the way the Debian packages are +# configured can be found in +# /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains +# information about the way the Debian binary packages are built. The +# very extensive upstream documentation is shipped in +# /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven +# configuration process in a standard setup, invoke dpkg-reconfigure +# exim4-config. There is a Debian-centered mailing list, +# pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific +# questions there, and only write to the upstream exim-users mailing +# list if you are sure that your question is not Debian-specific. You +# can find the subscription web page on +# http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-dev +Architecture: any +Priority: extra +Depends: ${misc:Depends} +Description: header files for the Exim MTA (v4) packages + Exim (v4) is a mail transport agent. This package contains header + files that can be used to compile code that is then dynamically linked + to exim's local_scan interface. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users diff --cc debian/debconf/conf.d/main/02_exim4-config_options index cae5e9b,0000000..bfaf7bd mode 100644,000000..100644 --- a/debian/debconf/conf.d/main/02_exim4-config_options +++ b/debian/debconf/conf.d/main/02_exim4-config_options @@@ -1,200 -1,0 +1,210 @@@ + +### main/02_exim4-config_options +################################# + + +# Defines the access control list that is run when an +# SMTP MAIL command is received. +# +.ifndef MAIN_ACL_CHECK_MAIL +MAIN_ACL_CHECK_MAIL = acl_check_mail +.endif +acl_smtp_mail = MAIN_ACL_CHECK_MAIL + + +# Defines the access control list that is run when an +# SMTP RCPT command is received. +# +.ifndef MAIN_ACL_CHECK_RCPT +MAIN_ACL_CHECK_RCPT = acl_check_rcpt +.endif +acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT + + +# Defines the access control list that is run when an +# SMTP DATA command is received. +# +.ifndef MAIN_ACL_CHECK_DATA +MAIN_ACL_CHECK_DATA = acl_check_data +.endif +acl_smtp_data = MAIN_ACL_CHECK_DATA + + +# Message size limit. The default (used when MESSAGE_SIZE_LIMIT +# is unset) is 50 MB +.ifdef MESSAGE_SIZE_LIMIT +message_size_limit = MESSAGE_SIZE_LIMIT +.endif + + +# If you are running exim4-daemon-heavy or a custom version of Exim that +# was compiled with the content-scanning extension, you can cause incoming +# messages to be automatically scanned for viruses. You have to modify the +# configuration in two places to set this up. The first of them is here, +# where you define the interface to your scanner. This example is typical +# for ClamAV; see the manual for details of what to set for other virus +# scanners. The second modification is in the acl_check_data access +# control list. + +# av_scanner = clamd:/var/run/clamav/clamd.ctl + + +# For spam scanning, there is a similar option that defines the interface to +# SpamAssassin. You do not need to set this if you are using the default, which +# is shown in this commented example. As for virus scanning, you must also +# modify the acl_check_data access control list to enable spam scanning. + +# spamd_address = 127.0.0.1 783 + +# Domain used to qualify unqualified recipient addresses +# If this option is not set, the qualify_domain value is used. +# qualify_recipient = + + +# Allow Exim to recognize addresses of the form "user@[10.11.12.13]", +# where the domain part is a "domain literal" (an IP address) instead +# of a named domain. The RFCs require this facility, but it is disabled +# in the default config since it is seldomly used and frequently abused. +# Domain literal support also needs a special router, which is automatically +# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS. +# Additionally, you might want to make your local IP addresses (or @[]) +# local domains. +.ifdef MAIN_ALLOW_DOMAIN_LITERALS +allow_domain_literals +.endif + + +# Do a reverse DNS lookup on all incoming IP calls, in order to get the +# true host name. If you feel this is too expensive, the networks for +# which a lookup is done can be listed here. +.ifndef DC_minimaldns +.ifndef MAIN_HOST_LOOKUP +MAIN_HOST_LOOKUP = * +.endif +host_lookup = MAIN_HOST_LOOKUP +.endif + + +# In a minimaldns setup, update-exim4.conf guesses the hostname and +# dumps it here to avoid DNS lookups being done at Exim run time. +.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME +primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME +.endif + +# The settings below, which are actually the same as the defaults in the +# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP +# calls. You can limit the hosts to which these calls are made, and/or change +# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls +# are disabled. RFC 1413 calls are cheap and can provide useful information +# for tracing problem messages, but some hosts and firewalls are +# misconfigured to drop the requests instead of either answering or +# rejecting them. This can result in a timeout instead of an immediate refused +# connection, leading to delays on starting up SMTP sessions. (The default was +# reduced from 30s to 5s for release 4.61.) +# rfc1413_hosts = * +# rfc1413_query_timeout = 5s + +# When using an external relay tester (such as rt.njabl.org and/or the +# currently defunct relay-test.mail-abuse.org, the test may be aborted +# since exim complains about "too many nonmail commands". If you want +# the test to complete, add the host from where "your" relay tester +# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro. +# Please note that a non-empty setting may cause extra DNS lookups to +# happen, which is the reason why this option is commented out in the +# default settings. +# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org +.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS +smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS +.endif + +# By default, exim forces a Sender: header containing the local +# account name at the local host name in all locally submitted messages +# that don't have the local account name at the local host name in the +# From: header, deletes any Sender: header present in the submitted +# message and forces the envelope sender of all locally submitted +# messages to the local account name at the local host name. +# The following settings allow local users to specify their own envelope sender +# in a locally submitted message. Sender: headers existing in a locally +# submitted message are not removed, and no automatic Sender: headers +# are added. These settings are fine for most hosts. +# If you run exim on a classical multi-user systems where all users +# have local mailboxes that can be reached via SMTP from the Internet +# with the local FQDN as the domain part of the address, you might want +# to disable the following three lines for traceability reasons. +.ifndef MAIN_FORCE_SENDER +local_from_check = false +local_sender_retain = true +untrusted_set_sender = * +.endif + + +# By default, Exim expects all envelope addresses to be fully qualified, that +# is, they must contain both a local part and a domain. Configure exim +# to accept unqualified addresses from certain hosts. When this is done, +# unqualified addresses are qualified using the settings of qualify_domain +# and/or qualify_recipient (see above). +# sender_unqualified_hosts = +# recipient_unqualified_hosts = + + +# Configure Exim to support the "percent hack" for certain domains. +# The "percent hack" is the feature by which mail addressed to x%y@z +# (where z is one of the domains listed) is locally rerouted to x@y +# and sent on. If z is not one of the "percent hack" domains, x%y is +# treated as an ordinary local part. The percent hack is rarely needed +# nowadays but frequently abused. You should not enable it unless you +# are sure that you really need it. +# percent_hack_domains = + + +# Bounce handling +.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER +MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d +.endif +ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER + +.ifndef MAIN_TIMEOUT_FROZEN_AFTER +MAIN_TIMEOUT_FROZEN_AFTER = 7d +.endif +timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER + +.ifndef MAIN_FREEZE_TELL +MAIN_FREEZE_TELL = postmaster +.endif +freeze_tell = MAIN_FREEZE_TELL + + +# Define spool directory +.ifndef SPOOLDIR +SPOOLDIR = /var/spool/exim4 +.endif +spool_directory = SPOOLDIR + + +# trusted users can set envelope-from to arbitrary values +.ifndef MAIN_TRUSTED_USERS +MAIN_TRUSTED_USERS = uucp +.endif +trusted_users = MAIN_TRUSTED_USERS +.ifdef MAIN_TRUSTED_GROUPS +trusted_groups = MAIN_TRUSTED_GROUPS +.endif + + +# users in admin group can do many other things +# admin_groups = + + +# SMTP Banner. The example includes the Debian version in the SMTP dialog +# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}" +# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full ++ ++.ifdef MAIN_KEEP_ENVIRONMENT ++keep_environment = MAIN_KEEP_ENVIRONMENT ++.else ++# set option to empty value to avoid warning. ++keep_environment = ++.endif ++.ifdef MAIN_ADD_ENVIRONMENT ++add_environment = MAIN_ADD_ENVIRONMENT ++.endif diff --cc debian/exim4-config.NEWS index 5fbd981,0000000..f8041e4 mode 100644,000000..100644 --- a/debian/exim4-config.NEWS +++ b/debian/exim4-config.NEWS @@@ -1,240 -1,0 +1,264 @@@ ++exim4 (4.84.2-2) jessie; urgency=medium ++ ++ As part of the fix for CVE-2016-1531 updated Exim versions clean ++ the complete execution environment by default, affecting Exim and ++ subprocesses such as routers calling other programs, and thus may break ++ existing installations. New configuration options (keep_environment, ++ add_environment) were introduced to adjust this behavior. Because of the ++ possible breakage Exim will show a runtime warning if keep_environment is ++ not set. ++ ++ The Debian exim4 configuration does not rely on specific environment ++ variables and therefore sets 'keep_environment =' (i.e confirm empty ++ environment). ++ ++ Users of custom Exim configurations will need to check whether their setup ++ continues to work with the abovementioned upstream change and modify the ++ Exim environment as needed otherwise. If the setup works fine with empty ++ environment it is still necessary to set the main configuration option ++ "keep_environment =" to quiet the runtime warning. ++ ++ See for details. ++ ++ -- Andreas Metzler Mon, 28 Mar 2016 17:58:09 +0200 ++ +exim4 (4.68-1) unstable; urgency=low + + In order to fix #420217, the handling of incoming messages to + system accounts has been changed once again. To allow system + account mail addresses to be redirected via traditional + /etc/aliases, system accounts are now processed later in the + router chain. + + This has made it necessary to change the default behavior of the + real- prefix. real-foo is now only accessible for locally + generated messages, such as the error message generated by the + userforward router. If you need the old behavior back, set the + macro COND_LOCAL_SUBMITTER=true. As a side-effect, you can + entirely switch off the real- processing by setting + COND_LOCAL_SUBMITTER=false. + + -- Marc Haber Thu, 04 Oct 2007 22:34:01 +0200 + +exim4 (4.67-6) unstable; urgency=low + + acl_whitelist_local_deny was renamed to acl_local_deny_exceptions + to avoid confusion. This means changes to ACLs, file names in + /etc/exim4/conf.d/acl and the exception list file names themselves. + + CONFDIR/local_host_whitelist and CONFDIR/local_sender_whitelist + have been renamed to CONFDIR/host_local_deny_exceptions and + CONFDIR/sender_local_deny_exceptions. The old files will continue + to be honored for a transition period. + + The old file conf.d/acl/20_exim4-config_whitelist_local_deny will + get a .dpkg-bak suffix if it had local changes, and it will be + removed if there were no local changes. In the case of local changes, + you'll need to repeat these changes in the new file + conf.d/acl/20_exim4-config_local_deny_exceptions. + + -- Marc Haber Wed, 05 Sep 2007 21:22:22 +0200 + +exim4 (4.67-5) unstable; urgency=low + + The macro generation in update-exim4.conf has been changed once + more. update-exim4.conf now looks for the (non-commented!) + definition of the exim configuration macro UPEX4CmacrosUPEX4C to + an arbitrary, non-empty value, and inserts the generated macro + definitions right after this line, without changing it. + + update-exim4.conf looks for commented UPEX4CmacrosUPEX4C (which + used to be the place marker in earlier 4.67-x versions) and barfs + if it finds them anywhere in /etc/exim4/exim4.conf.template or + recursively /etc/exim4/conf.d. This check - as a feature - also + includes files that would normally be excluded by + update-exim4.conf, such as .dpkg-old and .dpkg-dist files. + + If you insist on having a commented UPEX4CmacrosUPEX4C in your + exim configuration and don't want update-exim4.conf to barf, set + the exim macro UPEX4CmacrosOK_config_adapted to a non-empty value. + + -- Marc Haber Thu, 28 Jun 2007 08:29:36 +0200 + +exim4 (4.67-4) unstable; urgency=low + + Since a lot of users did not read the docs while upgrading and + filed bug reports about exim4-config failing to install due to a + "malformed macro definition", update-exim4.conf.conf now checks + for DEBCONFsomethingDEBCONF strings anywhere in + /etc/exim4/exim4.conf.template or recursively /etc/exim4/conf.d + and barfs if such strings are found. This check - as a feature - also + includes files that would normally be excluded by + update-exim4.conf. + + It _is_ necessary to either accept the offered configuration file + change _or_ to manually check a manually changed exim config. Exim + will _NOT_ run if a configuration file of an older version is + being used with a more recent exim4-config. + + If you insist on having DEBCONFsomethingDEBCONF strings in your + exim configuration and don't want update-exim4.conf to barf, set + the exim macro DEBCONFstringOK_config_adapted to a non-empty + value. + + -- Marc Haber Fri, 22 Jun 2007 12:50:38 +0200 + +exim4 (4.67-2) experimental; urgency=low + + The symlink /etc/exim4/email-addresses caused data loss for people + who had a local file named /etc/exim4/email-addresses. The Debian + tools do not handle symlinks in /etc which are contained in + packages very well, so we decided to simply remove it. Please + submit a tested patch if you think that it would be a more elegant + way to handle the transition from /etc/exim4/email-addresses to + /etc/email-addresses. + + There is now a possibility to modify handling of incoming messages + to system accounts, identified by their UID (see + conf.d/router/250_exim4-config_lowuid). If you want this, set the + macro FIRST_USER_ACCOUNT_UID (which defaults to 0) to the UID of + your first "real" user account. Incoming messages for an account + with an UID below that value get routed according to the extra + alias file /etc/exim4/lowuid-aliases. If an account does not have + an alias there, it gets routed to the value of the macro + DEFAULT_SYSTEM_ACCOUNT_ALIAS, which defaults to ":fail: no mail to + system accounts" and gets the message rejected. You can use this + mechanism to route all messages for system accounts to a single + address, with exceptions. Locally generated messages are not + processed by this facility. + + Generation of the final exim configuration has changed. The + configuration no longer has the DEBCONFsomethingDEBCONF + placeholders. All data from Debconf are put into exim + configuration macros by update-exim4.conf, which are then + appropriately picked up by the configuration itself. There should + be no visible change to people who have not modified their + configuration, but customized configurations need to adapt. + + We now do basic sanitizing of input read from + update-exim4.conf.conf. If your update-exim4.conf complains about + non-ascii values, you have found a bug. Please report it. + + -- Marc Haber Mon, 11 Jun 2007 14:09:24 +0200 + +exim4 (4.62-7) unstable; urgency=low + + Bug #392993 says that 4.63-5 and -6 have overwritten manual + setting of dc_local_delivery with one of the default versions if + you have set dc_local_delivery to a value that is not either + mail_spool or maildir_home. Please verify that your + dc_local_delivery does still point to the transport you have + chosen. + + Please note that the debconf configuration only supports plain + lists. Advanced features like "dsearch;" entered there may work + today, but are not guaranteed to continue working in the future. + + If you want to use such features, please use the macros made + available for use in the configuration or edit the configuration + itself. + + This allows us to use semicolons as list delimiters consistently + while still being backwards compatible to colon-separated lists + without driving code complexity up too high. + + Starting with this version, update-exim4.conf will print a warning + if a dsearch lookup is found in the list of local domains, + dc_local_domains since there is a HOWTO on the Internet that + recommends doing this kind of things and this will _not_ work any + more. + + -- Marc Haber Sun, 15 Oct 2006 10:00:15 +0000 + +exim4 (4.62-4) unstable; urgency=low + + exim4-config has had its debconf templates re-worked. Basic + functionality is unchanged, so you shouldn't expect a real + difference. The priority of most questions has been lowered to + medium, so that the Installer can install exim4 with no questions + being asked. The default is local delivery only. Mail messages for + root and postmaster are delivered to an mbox file in + /var/mail/mail, make sure to read them. + + You can do the full exim4 configuration by calling + dpkg-reconfigure exim4-config as root. + + It is now finally possible to configure exim4 to deliver outgoing + mail to a smarthost on a port number different from 25 via debconf. + + -- Marc Haber Mon, 9 Oct 2006 14:12:25 +0000 + +exim4 (4.62-3) unstable; urgency=low + + A template for SPF support is now provided. It is disabled by + default, and relies on external calls to spfquery(1) from the + libmail-spf-query-perl package. For details, check README.Debian, + and conf.d/acl/30_exim4-config_check_rcpt. + + -- Robert Millan Fri, 28 Jul 2006 22:43:56 +0200 + +exim4 (4.62-1) unstable; urgency=low + + Please note that the handling of update-exim4.conf.conf has + changed with regard to dc_local_interfaces and dc_relay_nets: If + the strings given there contain a semicolon, the string "<;" is + now prepended to the value written to the configuration file to + consider ; a list separator. This significantly helps writing down + IPv6 addresses, but means that if you use complex things like + lookups in update-exim4.conf.conf, you'll have to change your + configuration to use the macros that directly interfere with the + configuration. + + 127.0.0.1 and ::1 have been removed from the default hostlist + relay_from_hosts - these addresses are now added by + update-exim4.conf with the appropriate separator. If you set + MAIN_RELAY_NETS manually, you'll need to add these two addresses + to your local host list. + + -- Marc Haber Sat, 29 Apr 2006 22:36:31 +0000 + +exim4 (4.50-5) unstable; urgency=low + + mailname, the local name of the system used to qualify senders and + recipients is no longer a local domain by default. Having local + delivery for that host name used to break satellite and smarthost + setups where no local delivery was expected. + /etc/exim4/update-exim4.conf.conf is modified automatically on + upgrade from the appropriate earlier versions, so if you don't do any + funky things with /etc/exim4/update-exim4.conf.conf, you should be fine. + + -- Marc Haber Sat, 2 Apr 2005 20:31:27 +0200 + +exim4 (4.43-3) unstable; urgency=low + + /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses! + The last version of exim4 that shipped this file was uploaded on the + 19th of May 2003, and I really do not want to start sarge with cruft like + that. + + -- Andreas Metzler Mon, 10 Jan 2004 10:05:34 +0100 + +exim4 (4.34-1) unstable; urgency=low + + Debconf will not ask for relay_domains if configuring smarthost or + satellite-type systems. - This functionality was untested and could + generate mail-loops. + + -- Andreas Metzler Wed, 12 May 2004 13:42:23 +0200 + +exim4 (4.30-5) unstable; urgency=low + + (Re)introduce /etc/exim4/exim4.conf.template as alternative to the + multiple small files in /etc/exim4/conf.d/ and make it the default choice + for fresh installations. This trades in a loss of comfort (you will again + need to merge in each small change manually) for increased stability. + + -- Andreas Metzler Sun, 11 Jan 2004 13:03:43 +0100 + +exim4 (4.20-2) unstable; urgency=low + + Rewriting now uses /etc/email-addresses instead of + /etc/exim4/email-addresses like exim v3 did. Please move the contents to + the new file and delete the old one, when you have time to spare. + + -- Andreas Metzler Tue, 15 Jul 2003 10:20:15 +0200 diff --cc debian/patches/85_Fix-crash-in-mime-acl-when-a-parameter-is-unterminat.patch index 0000000,0000000..a57551c new file mode 100644 --- /dev/null +++ b/debian/patches/85_Fix-crash-in-mime-acl-when-a-parameter-is-unterminat.patch @@@ -1,0 -1,0 +1,77 @@@ ++From bf485bf34df3fc2214765497a5552851c6a8977a Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Tue, 30 Dec 2014 20:39:02 +0000 ++Subject: [PATCH] Fix crash in mime acl when a parameter is unterminated ++ ++Verified-by: Wolfgang Breyha ++--- ++ src/mime.c | 33 +++++++++++---------------------- ++ test/confs/4000 | 1 + ++ test/log/4000 | 9 ++++++--- ++ test/mail/4000.userx | 36 ++++++++++++++++++++++++++++++++++++ ++ test/scripts/4000-scanning/4000 | 27 +++++++++++++++++++++++++++ ++ test/stdout/4000 | 11 +++++++++++ ++ 6 files changed, 92 insertions(+), 25 deletions(-) ++ ++diff --git a/src/mime.c b/src/mime.c ++index a61e9f2..e5fe476 100644 ++--- a/src/mime.c +++++ b/src/mime.c ++@@ -599,46 +599,35 @@ NEXT_PARAM_SEARCH: ++ /* found an interesting parameter? */ ++ if (strncmpic(mp->name, p, mp->namelen) == 0) ++ { ++- uschar * q = p + mp->namelen; ++- int plen = 0; ++ int size = 0; ++ int ptr = 0; ++ ++ /* yes, grab the value and copy to its corresponding expansion variable */ ++- while(*q && *q != ';') /* ; terminates */ ++- if (*q == '"') +++ p += mp->namelen; +++ while(*p && *p != ';') /* ; terminates */ +++ if (*p == '"') ++ { ++- q++; /* skip leading " */ ++- plen++; /* and account for the skip */ ++- while(*q && *q != '"') /* " protects ; */ ++- { ++- param_value = string_cat(param_value, &size, &ptr, q++, 1); ++- plen++; ++- } ++- if (*q) ++- { ++- q++; /* skip trailing " */ ++- plen++; ++- } +++ p++; /* skip leading " */ +++ while(*p && *p != '"') /* " protects ; */ +++ param_value = string_cat(param_value, &size, &ptr, p++, 1); +++ if (*p) p++; /* skip trailing " */ ++ } ++ else ++- { ++- param_value = string_cat(param_value, &size, &ptr, q++, 1); ++- plen++; ++- } +++ param_value = string_cat(param_value, &size, &ptr, p++, 1); +++ if (*p) p++; /* skip trailing ; */ ++ ++ if (param_value) ++ { +++ uschar * dummy; ++ param_value[ptr++] = '\0'; ++ ++ param_value = rfc2047_decode(param_value, ++- check_rfc2047_length, NULL, 32, NULL, &q); +++ check_rfc2047_length, NULL, 32, NULL, &dummy); ++ debug_printf("Found %s MIME parameter in %s header, " ++ "value is '%s'\n", mp->name, mime_header_list[i].name, ++ param_value); ++ } ++ *mp->value = param_value; ++- p += mp->namelen + plen + 1; /* name=, content, ; */ ++ goto NEXT_PARAM_SEARCH; ++ } ++ } diff --cc debian/patches/86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch index 0000000,0000000..07db5f3 new file mode 100644 --- /dev/null +++ b/debian/patches/86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch @@@ -1,0 -1,0 +1,59 @@@ ++From e7c25d5b603a33e677efc4bccb6e5cac617e7ad5 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Thu, 1 Jan 2015 21:47:10 +0000 ++Subject: [PATCH] Avoid crash with badly-terminated non-recognised mime ++ parameter ++ ++--- ++ src/mime.c | 18 +++++++++++------- ++ test/log/4000 | 3 +++ ++ test/mail/4000.userx | 42 +++++++++++++++++++++++++++++++++++++++++ ++ test/scripts/4000-scanning/4000 | 32 +++++++++++++++++++++++++++++++ ++ test/stdout/4000 | 11 +++++++++++ ++ 5 files changed, 99 insertions(+), 7 deletions(-) ++ ++diff --git a/src/mime.c b/src/mime.c ++index e5fe476..948dd78 100644 ++--- a/src/mime.c +++++ b/src/mime.c ++@@ -589,6 +589,7 @@ DECODE_HEADERS: ++ NEXT_PARAM_SEARCH: ++ while (*p) ++ { +++ /* debug_printf(" considering paramlist '%s'\n", p); */ ++ mime_parameter * mp; ++ for (mp = mime_parameter_list; ++ mp < &mime_parameter_list[mime_parameter_list_size]; ++@@ -623,7 +624,7 @@ NEXT_PARAM_SEARCH: ++ ++ param_value = rfc2047_decode(param_value, ++ check_rfc2047_length, NULL, 32, NULL, &dummy); ++- debug_printf("Found %s MIME parameter in %s header, " +++ debug_printf(" Found %s MIME parameter in %s header, " ++ "value is '%s'\n", mp->name, mime_header_list[i].name, ++ param_value); ++ } ++@@ -631,14 +632,17 @@ NEXT_PARAM_SEARCH: ++ goto NEXT_PARAM_SEARCH; ++ } ++ } ++- /* There is something, but not one of our interesting parameters. ++- Advance to the next semicolon */ ++- while(*p != ';') +++ /* There is something, but not one of our interesting parameters. +++ Advance to the next unquoted semicolon */ +++ while(*p && *p != ';') +++ if (*p == '"') ++ { ++- if (*p == '"') while(*++p && *p != '"') ; ++- p++; +++ while(*++p && *p != '"') ; +++ if (*p) p++; ++ } ++- p++; +++ else +++ p++; +++ if (*p) p++; ++ } ++ } ++ } diff --cc debian/patches/87_Fix-transport-results-pipe-for-multiple-recipients-c.patch index 0000000,0000000..8da9b4f new file mode 100644 --- /dev/null +++ b/debian/patches/87_Fix-transport-results-pipe-for-multiple-recipients-c.patch @@@ -1,0 -1,0 +1,384 @@@ ++From bd21a787cdeef803334a6c7bf50d23b2a18cbd6f Mon Sep 17 00:00:00 2001 ++From: Wolfgang Breyha ++Date: Sun, 28 Sep 2014 13:40:45 +0100 ++Subject: [PATCH] Fix transport-results pipe for multiple recipients combined ++ with certs. ++ ++The previous parsing failed when a result item split over a buffer boundary; ++fix by prefixing sizes to items, and checking enough has been read as the ++initial parsing stage. ++--- ++ doc/doc-txt/ChangeLog | 7 +++ ++ src/deliver.c | 162 +++++++++++++++++++++++++++++++++++++------------- ++ src/macros.h | 4 ++ ++ 3 files changed, 131 insertions(+), 42 deletions(-) ++ ++# diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog ++# index 46fed6f..76ecc20 100644 ++# --- a/doc/doc-txt/ChangeLog ++# +++ b/doc/doc-txt/ChangeLog ++# @@ -37,6 +37,13 @@ TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep. ++# TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups. ++# Merged patch from Sebastian Wiedenroth. ++# ++# +JH/05 Fix results-pipe from transport process. Several recipients, combined ++# + with certificate use, exposed issues where response data items split ++# + over buffer boundaries were not parsed properly. This eventually ++# + resulted in duplicates being sent. This issue only became common enough ++# + to notice due to the introduction of conection certificate information, ++# + the item size being so much larger. Found and fixed by Wolfgang Breyha. ++# + ++# Exim version 4.84 ++# ----------------- ++# TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static ++--- a/src/deliver.c +++++ b/src/deliver.c ++@@ -2823,6 +2823,8 @@ uschar *ptr = endptr; ++ uschar *msg = p->msg; ++ BOOL done = p->done; ++ BOOL unfinished = TRUE; +++/* minimum size to read is header size including id, subid and length */ +++int required = PIPE_HEADER_SIZE; ++ ++ /* Loop through all items, reading from the pipe when necessary. The pipe ++ is set up to be non-blocking, but there are two different Unix mechanisms in ++@@ -2845,12 +2847,15 @@ while (!done) ++ { ++ retry_item *r, **rp; ++ int remaining = endptr - ptr; +++ uschar header[PIPE_HEADER_SIZE + 1]; +++ uschar id, subid; +++ uschar *endc; ++ ++ /* Read (first time) or top up the chars in the buffer if necessary. ++ There will be only one read if we get all the available data (i.e. don't ++ fill the buffer completely). */ ++ ++- if (remaining < 2500 && unfinished) +++ if (remaining < required && unfinished) ++ { ++ int len; ++ int available = big_buffer_size - remaining; ++@@ -2883,17 +2888,64 @@ while (!done) ++ won't read any more, as "unfinished" will get set FALSE. */ ++ ++ endptr += len; +++ remaining += len; ++ unfinished = len == available; ++ } ++ ++ /* If we are at the end of the available data, exit the loop. */ ++- ++ if (ptr >= endptr) break; ++ +++ /* copy and read header */ +++ memcpy(header, ptr, PIPE_HEADER_SIZE); +++ header[PIPE_HEADER_SIZE] = '\0'; +++ id = header[0]; +++ subid = header[1]; +++ required = Ustrtol(header + 2, &endc, 10) + PIPE_HEADER_SIZE; /* header + data */ +++ if (*endc) +++ { +++ msg = string_sprintf("failed to read pipe from transport process " +++ "%d for transport %s: error reading size from header", pid, addr->transport->driver_name); +++ done = TRUE; +++ break; +++ } +++ +++ DEBUG(D_deliver) +++ debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,unfinished:%d\n", +++ id, subid, header+2, required, remaining, unfinished); +++ +++ /* is there room for the dataset we want to read ? */ +++ if (required > big_buffer_size - PIPE_HEADER_SIZE) +++ { +++ msg = string_sprintf("failed to read pipe from transport process " +++ "%d for transport %s: big_buffer too small! required size=%d buffer size=%d", pid, addr->transport->driver_name, +++ required, big_buffer_size - PIPE_HEADER_SIZE); +++ done = TRUE; +++ break; +++ } +++ +++ /* we wrote all datasets with atomic write() calls +++ remaining < required only happens if big_buffer was too small +++ to get all available data from pipe. unfinished has to be true +++ as well. */ +++ if (remaining < required) +++ if (unfinished) +++ continue; +++ else +++ { +++ msg = string_sprintf("failed to read pipe from transport process " +++ "%d for transport %s: required size=%d > remaining size=%d and unfinished=false", +++ pid, addr->transport->driver_name, required, remaining); +++ done = TRUE; +++ break; +++ } +++ +++ /* step behind the header */ +++ ptr += PIPE_HEADER_SIZE; +++ ++ /* Handle each possible type of item, assuming the complete item is ++ available in store. */ ++ ++- switch (*ptr++) +++ switch (id) ++ { ++ /* Host items exist only if any hosts were marked unusable. Match ++ up by checking the IP address. */ ++@@ -2990,7 +3042,7 @@ while (!done) ++ #ifdef SUPPORT_TLS ++ case 'X': ++ if (addr == NULL) goto ADDR_MISMATCH; /* Below, in 'A' handler */ ++- switch (*ptr++) +++ switch (subid) ++ { ++ case '1': ++ addr->cipher = NULL; ++@@ -3028,7 +3080,7 @@ while (!done) ++ #endif /*SUPPORT_TLS*/ ++ ++ case 'C': /* client authenticator information */ ++- switch (*ptr++) +++ switch (subid) ++ { ++ case '1': ++ addr->authenticator = (*ptr)? string_copy(ptr) : NULL; ++@@ -3051,7 +3103,7 @@ while (!done) ++ ++ #ifdef EXPERIMENTAL_DSN ++ case 'D': ++- if (addr == NULL) break; +++ if (addr == NULL) goto ADDR_MISMATCH; ++ memcpy(&(addr->dsn_aware), ptr, sizeof(addr->dsn_aware)); ++ ptr += sizeof(addr->dsn_aware); ++ DEBUG(D_deliver) debug_printf("DSN read: addr->dsn_aware = %d\n", addr->dsn_aware); ++@@ -3119,7 +3171,7 @@ while (!done) ++ continue_hostname = NULL; ++ } ++ done = TRUE; ++- DEBUG(D_deliver) debug_printf("Z%c item read\n", *ptr); +++ DEBUG(D_deliver) debug_printf("Z0%c item read\n", *ptr); ++ break; ++ ++ /* Anything else is a disaster. */ ++@@ -3572,9 +3624,40 @@ while (parcount > max) ++ ++ ++ static void ++-rmt_dlv_checked_write(int fd, void * buf, int size) +++rmt_dlv_checked_write(int fd, char id, char subid, void * buf, int size) ++ { ++-int ret = write(fd, buf, size); +++uschar writebuffer[PIPE_HEADER_SIZE + BIG_BUFFER_SIZE]; +++int header_length; +++ +++/* we assume that size can't get larger then BIG_BUFFER_SIZE which currently is set to 16k */ +++/* complain to log if someone tries with buffer sizes we can't handle*/ +++ +++if (size > 99999) +++{ +++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, +++ "Failed writing transport result to pipe: can't handle buffers > 99999 bytes. truncating!\n"); +++ size = 99999; +++} +++ +++/* to keep the write() atomic we build header in writebuffer and copy buf behind */ +++/* two write() calls would increase the complexity of reading from pipe */ +++ +++/* convert size to human readable string prepended by id and subid */ +++header_length = snprintf(writebuffer, PIPE_HEADER_SIZE+1, "%c%c%05d", id, subid, size); +++if (header_length != PIPE_HEADER_SIZE) +++{ +++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "header snprintf failed\n"); +++ writebuffer[0] = '\0'; +++} +++ +++DEBUG(D_deliver) debug_printf("header write id:%c,subid:%c,size:%d,final:%s\n", +++ id, subid, size, writebuffer); +++ +++if (buf && size > 0) +++ memcpy(writebuffer + PIPE_HEADER_SIZE, buf, size); +++ +++size += PIPE_HEADER_SIZE; +++int ret = write(fd, writebuffer, size); ++ if(ret != size) ++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed writing transport result to pipe: %s\n", ++ ret == -1 ? strerror(errno) : "short write"); ++@@ -4100,8 +4183,8 @@ for (delivery_count = 0; addr_remote != ++ for (h = addr->host_list; h != NULL; h = h->next) ++ { ++ if (h->address == NULL || h->status < hstatus_unusable) continue; ++- sprintf(CS big_buffer, "H%c%c%s", h->status, h->why, h->address); ++- rmt_dlv_checked_write(fd, big_buffer, Ustrlen(big_buffer+3) + 4); +++ sprintf(CS big_buffer, "%c%c%s", h->status, h->why, h->address); +++ rmt_dlv_checked_write(fd, 'H', '0', big_buffer, Ustrlen(big_buffer+2) + 3); ++ } ++ ++ /* The number of bytes written. This is the same for each address. Even ++@@ -4109,9 +4192,8 @@ for (delivery_count = 0; addr_remote != ++ size of each one is the same, and it's that value we have got because ++ transport_count gets reset before calling transport_write_message(). */ ++ ++- big_buffer[0] = 'S'; ++- memcpy(big_buffer+1, &transport_count, sizeof(transport_count)); ++- rmt_dlv_checked_write(fd, big_buffer, sizeof(transport_count) + 1); +++ memcpy(big_buffer, &transport_count, sizeof(transport_count)); +++ rmt_dlv_checked_write(fd, 'S', '0', big_buffer, sizeof(transport_count)); ++ ++ /* Information about what happened to each address. Four item types are ++ used: an optional 'X' item first, for TLS information, then an optional "C" ++@@ -4131,7 +4213,7 @@ for (delivery_count = 0; addr_remote != ++ if (addr->cipher) ++ { ++ ptr = big_buffer; ++- sprintf(CS ptr, "X1%.128s", addr->cipher); +++ sprintf(CS ptr, "%.128s", addr->cipher); ++ while(*ptr++); ++ if (!addr->peerdn) ++ *ptr++ = 0; ++@@ -4141,35 +4223,33 @@ for (delivery_count = 0; addr_remote != ++ while(*ptr++); ++ } ++ ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'X', '1', big_buffer, ptr - big_buffer); ++ } ++ if (addr->peercert) ++ { ++ ptr = big_buffer; ++- *ptr++ = 'X'; *ptr++ = '2'; ++ if (!tls_export_cert(ptr, big_buffer_size-2, addr->peercert)) ++ while(*ptr++); ++ else ++ *ptr++ = 0; ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'X', '2', big_buffer, ptr - big_buffer); ++ } ++ if (addr->ourcert) ++ { ++ ptr = big_buffer; ++- *ptr++ = 'X'; *ptr++ = '3'; ++ if (!tls_export_cert(ptr, big_buffer_size-2, addr->ourcert)) ++ while(*ptr++); ++ else ++ *ptr++ = 0; ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'X', '3', big_buffer, ptr - big_buffer); ++ } ++ #ifndef DISABLE_OCSP ++ if (addr->ocsp > OCSP_NOT_REQ) ++ { ++ ptr = big_buffer; ++- sprintf(CS ptr, "X4%c", addr->ocsp + '0'); +++ sprintf(CS ptr, "%c", addr->ocsp + '0'); ++ while(*ptr++); ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'X', '4', big_buffer, ptr - big_buffer); ++ } ++ # endif ++ #endif /*SUPPORT_TLS*/ ++@@ -4177,34 +4257,33 @@ for (delivery_count = 0; addr_remote != ++ if (client_authenticator) ++ { ++ ptr = big_buffer; ++- sprintf(CS big_buffer, "C1%.64s", client_authenticator); +++ sprintf(CS big_buffer, "%.64s", client_authenticator); ++ while(*ptr++); ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'C', '1', big_buffer, ptr - big_buffer); ++ } ++ if (client_authenticated_id) ++ { ++ ptr = big_buffer; ++- sprintf(CS big_buffer, "C2%.64s", client_authenticated_id); +++ sprintf(CS big_buffer, "%.64s", client_authenticated_id); ++ while(*ptr++); ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'C', '2', big_buffer, ptr - big_buffer); ++ } ++ if (client_authenticated_sender) ++ { ++ ptr = big_buffer; ++- sprintf(CS big_buffer, "C3%.64s", client_authenticated_sender); +++ sprintf(CS big_buffer, "%.64s", client_authenticated_sender); ++ while(*ptr++); ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'C', '3', big_buffer, ptr - big_buffer); ++ } ++ ++ #ifndef DISABLE_PRDR ++ if (addr->flags & af_prdr_used) ++- rmt_dlv_checked_write(fd, "P", 1); +++ rmt_dlv_checked_write(fd, 'P', '0', NULL, 0); ++ #endif ++ ++ #ifdef EXPERIMENTAL_DSN ++- big_buffer[0] = 'D'; ++- memcpy(big_buffer+1, &addr->dsn_aware, sizeof(addr->dsn_aware)); ++- rmt_dlv_checked_write(fd, big_buffer, sizeof(addr->dsn_aware) + 1); +++ memcpy(big_buffer, &addr->dsn_aware, sizeof(addr->dsn_aware)); +++ rmt_dlv_checked_write(fd, 'D', '0', big_buffer, sizeof(addr->dsn_aware)); ++ DEBUG(D_deliver) debug_printf("DSN write: addr->dsn_aware = %d\n", addr->dsn_aware); ++ #endif ++ ++@@ -4213,7 +4292,7 @@ for (delivery_count = 0; addr_remote != ++ for (r = addr->retries; r != NULL; r = r->next) ++ { ++ uschar *ptr; ++- sprintf(CS big_buffer, "R%c%.500s", r->flags, r->key); +++ sprintf(CS big_buffer, "%c%.500s", r->flags, r->key); ++ ptr = big_buffer + Ustrlen(big_buffer+2) + 3; ++ memcpy(ptr, &(r->basic_errno), sizeof(r->basic_errno)); ++ ptr += sizeof(r->basic_errno); ++@@ -4224,13 +4303,13 @@ for (delivery_count = 0; addr_remote != ++ sprintf(CS ptr, "%.512s", r->message); ++ while(*ptr++); ++ } ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'R', '0', big_buffer, ptr - big_buffer); ++ } ++ ++ /* The rest of the information goes in an 'A' item. */ ++ ++- ptr = big_buffer + 3; ++- sprintf(CS big_buffer, "A%c%c", addr->transport_return, +++ ptr = big_buffer + 2; +++ sprintf(CS big_buffer, "%c%c", addr->transport_return, ++ addr->special_action); ++ memcpy(ptr, &(addr->basic_errno), sizeof(addr->basic_errno)); ++ ptr += sizeof(addr->basic_errno); ++@@ -4265,7 +4344,7 @@ for (delivery_count = 0; addr_remote != ++ : addr->host_used->dnssec==DS_NO ? '1' : '0'; ++ ++ } ++- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); +++ rmt_dlv_checked_write(fd, 'A', '0', big_buffer, ptr - big_buffer); ++ } ++ ++ /* Add termination flag, close the pipe, and that's it. The character ++@@ -4273,9 +4352,8 @@ for (delivery_count = 0; addr_remote != ++ A change from non-NULL to NULL indicates a problem with a continuing ++ connection. */ ++ ++- big_buffer[0] = 'Z'; ++- big_buffer[1] = (continue_transport == NULL)? '0' : '1'; ++- rmt_dlv_checked_write(fd, big_buffer, 2); +++ big_buffer[0] = (continue_transport == NULL)? '0' : '1'; +++ rmt_dlv_checked_write(fd, 'Z', '0', big_buffer, 1); ++ (void)close(fd); ++ exit(EXIT_SUCCESS); ++ } ++--- a/src/macros.h +++++ b/src/macros.h ++@@ -156,6 +156,10 @@ as long as the maximum path length. */ ++ #define BIG_BUFFER_SIZE 16384 ++ #endif ++ +++/* header size of pipe content +++ currently: char id, char subid, char[5] length */ +++#define PIPE_HEADER_SIZE 7 +++ ++ /* This limits the length of data returned by local_scan(). Because it is ++ written on the spool, it gets read into big_buffer. */ ++ diff --cc debian/patches/89_01_only_warn_on_nonempty_environment.diff index 0000000,0000000..436c77b new file mode 100644 --- /dev/null +++ b/debian/patches/89_01_only_warn_on_nonempty_environment.diff @@@ -1,0 -1,0 +1,38 @@@ ++Description: Don't issue env warning if env is empty ++ keep_environment needs to be mentioned in the runtime config. ++ Setting add_environment isn't enough to suppress the warning. ++ ++ (cherry picked from commit 8e58ed807c77febfde61d3cf47928302f93cc99c) ++Origin: upstream ++ ++--- exim4-4.84.2.orig/src/readconf.c +++++ exim4-4.84.2/src/readconf.c ++@@ -3418,10 +3418,10 @@ if (gnutls_require_kx || gnutls_require_ ++ " are obsolete\n"); ++ #endif /*SUPPORT_TLS*/ ++ ++-if ((!add_environment || *add_environment == '\0') && !keep_environment) +++if (!keep_environment && environ && *environ) ++ log_write(0, LOG_MAIN, ++- "WARNING: purging the environment.\n" ++- " Suggested action: use keep_environment and add_environment.\n"); +++ "Warning: purging the environment.\n" +++ " Suggested action: use keep_environment."); ++ } ++ ++ ++--- exim4-4.84.2.orig/doc/spec.txt +++++ exim4-4.84.2/doc/spec.txt ++@@ -13516,8 +13516,10 @@ having FOO_HOME in your keep_environment ++ You may work around this using a regular expression that does not match the ++ macro name: ^[F]OO_HOME$. ++ ++-Current versions of Exim issue a warning during startupif you do not mention ++-keep_environment or add_environment in your runtime configuration file. +++Current versions of Exim issue a warning during startup if you do not mention +++keep_environment in your runtime configuration file and if there is +++anything in your environment. Future versions may not issue that warning +++anymore. ++ ++ +--------------+---------+----------+-----------+ ++ |keep_malformed|Use: main|Type: time|Default: 4d| diff --cc debian/patches/89_01_p_Delay-chdir-until-we-opened-the-main-config.patch index 0000000,0000000..b55e90c new file mode 100644 --- /dev/null +++ b/debian/patches/89_01_p_Delay-chdir-until-we-opened-the-main-config.patch @@@ -1,0 -1,0 +1,76 @@@ ++Backport of 3de973a29de6852d61ba9bf1845835d08ca5a5ab ++ ++From: "Heiko Schlittermann (HS12-RIPE)" ++Date: Wed, 2 Mar 2016 22:07:45 +0100 ++Subject: [PATCH] Delay chdir(/) until we opened the main config ++ ++--- a/doc/spec.txt +++++ b/doc/spec.txt ++@@ -3361,8 +3361,6 @@ brief message about itself and exits. ++ first file that exists is used. Failure to open an existing file stops Exim ++ from proceeding any further along the list, and an error is generated. ++ ++- The file names need to be absolute names. ++- ++ When this option is used by a caller other than root, and the list is ++ different from the compiled-in list, Exim gives up its root privilege ++ immediately, and runs with the real and effective uid and gid set to those ++--- a/src/exim.c +++++ b/src/exim.c ++@@ -3683,17 +3683,16 @@ init_lookup_list(); ++ ++ /* Read the main runtime configuration data; this gives up if there ++ is a failure. It leaves the configuration file open so that the subsequent ++-configuration data for delivery can be read if needed. */ +++configuration data for delivery can be read if needed. ++ ++-/* To be safe: change the working directory to /. */ ++-if (Uchdir("/") < 0) ++- { ++- perror("exim: chdir `/': "); ++- exit(EXIT_FAILURE); ++- } +++NOTE: immediatly after opening the configuration file we change the working +++directory to "/"! Later we change to $spool_directory. We do it there, because +++during readconf_main() some expansion takes place already. */ ++ ++ readconf_main(); ++ +++/* Now in directory "/" */ +++ ++ if (cleanup_environment() == FALSE) ++ log_write(0, LOG_PANIC_DIE, "Can't cleanup environment"); ++ ++--- a/src/readconf.c +++++ b/src/readconf.c ++@@ -2969,14 +2969,6 @@ while((filename = string_nextinlist(&lis ++ != NULL) ++ { ++ ++- /* To avoid confusion: Exim changes to / at the very beginning and ++- * and to $spool_directory later. */ ++- if (filename[0] != '/') ++- { ++- fprintf(stderr, "-C %s: only absolute names are allowed\n", filename); ++- exit(EXIT_FAILURE); ++- } ++- ++ /* Cut out all the fancy processing unless specifically wanted */ ++ ++ #if defined(CONFIGURE_FILE_USE_NODE) || defined(CONFIGURE_FILE_USE_EUID) ++@@ -3030,6 +3022,15 @@ while((filename = string_nextinlist(&lis ++ if (config_file != NULL || errno != ENOENT) break; ++ } ++ +++/* Now, once we found and opened our configuration file, we change the directory +++to a safe place. Later we change to $spool_directory. */ +++ +++if (Uchdir("/") < 0) +++ { +++ perror("exim: chdir `/': "); +++ exit(EXIT_FAILURE); +++ } +++ ++ /* On success, save the name for verification; config_filename is used when ++ logging configuration errors (it changes for .included files) whereas ++ config_main_filename is the name shown by -bP. Failure to open a configuration diff --cc debian/patches/89_02_Store-the-initial-working-directory.diff index 0000000,0000000..da9a024 new file mode 100644 --- /dev/null +++ b/debian/patches/89_02_Store-the-initial-working-directory.diff @@@ -1,0 -1,0 +1,79 @@@ ++Description: Store the initial working directory, expand $initial_cwd. ++ Bug 1805 https://bugs.exim.org/show_bug.cgi?id=1805 ++Origin: upstream ++ ++--- a/src/globals.c +++++ b/src/globals.c ++@@ -759,6 +759,7 @@ BOOL ignore_fromline_local = FALSE; ++ uschar *ignore_fromline_hosts = NULL; ++ BOOL inetd_wait_mode = FALSE; ++ int inetd_wait_timeout = -1; +++uschar *initial_cwd = NULL; ++ uschar *interface_address = NULL; ++ int interface_port = -1; ++ BOOL is_inetd = FALSE; ++--- a/src/exim.c +++++ b/src/exim.c ++@@ -3689,6 +3689,13 @@ NOTE: immediatly after opening the confi ++ directory to "/"! Later we change to $spool_directory. We do it there, because ++ during readconf_main() some expansion takes place already. */ ++ +++/* Store the initial cwd before we change directories */ +++if ((initial_cwd = getcwd(NULL, 0)) == NULL) +++ { +++ perror("exim: can't get the current working directory"); +++ exit(EXIT_FAILURE); +++ } +++ ++ readconf_main(); ++ ++ /* Now in directory "/" */ ++@@ -3967,9 +3974,10 @@ if (((debug_selector & D_any) != 0 || (l ++ { ++ int i; ++ uschar *p = big_buffer; ++- char * dummy; ++ Ustrcpy(p, "cwd= (failed)"); ++- dummy = /* quieten compiler */ getcwd(CS p+4, big_buffer_size - 4); +++ +++ Ustrncpy(p + 4, initial_cwd, big_buffer_size-5); +++ ++ while (*p) p++; ++ (void)string_format(p, big_buffer_size - (p - big_buffer), " %d args:", argc); ++ while (*p) p++; ++--- a/src/globals.h +++++ b/src/globals.h ++@@ -486,6 +486,7 @@ extern BOOL ignore_fromline_local; / ++ extern uschar *ignore_fromline_hosts; /* Hosts permitted to send "From " */ ++ extern BOOL inetd_wait_mode; /* Whether running in inetd wait mode */ ++ extern int inetd_wait_timeout; /* Timeout for inetd wait mode */ +++extern uschar *initial_cwd; /* The directory we where in at startup */ ++ extern BOOL is_inetd; /* True for inetd calls */ ++ extern uschar *iterate_item; /* Item from iterate list */ ++ ++--- a/src/expand.c +++++ b/src/expand.c ++@@ -501,6 +501,7 @@ static var_entry var_table[] = { ++ { "host_data", vtype_stringptr, &host_data }, ++ { "host_lookup_deferred",vtype_int, &host_lookup_deferred }, ++ { "host_lookup_failed", vtype_int, &host_lookup_failed }, +++ { "initial_cwd", vtype_stringptr, &initial_cwd }, ++ { "inode", vtype_ino, &deliver_inode }, ++ { "interface_address", vtype_stringptr, &interface_address }, ++ { "interface_port", vtype_int, &interface_port }, ++--- a/doc/spec.txt +++++ b/doc/spec.txt ++@@ -10426,6 +10426,13 @@ $host_lookup_failed ++ ++ See $host_lookup_deferred. ++ +++$initial_cwd +++ +++ This variable contains the full path name of the initial working +++ directory of the current Exim process. This may differ from the current +++ working directory, as Exim changes this to "/" during early startup, and +++ to $spool_directory later. +++ ++ $inode ++ ++ The only time this variable is set is while expanding the directory_file diff --cc debian/patches/90_Cutthrough-Fix-bug-with-dot-only-line.patch index 0000000,0000000..71d0844 new file mode 100644 --- /dev/null +++ b/debian/patches/90_Cutthrough-Fix-bug-with-dot-only-line.patch @@@ -1,0 -1,0 +1,32 @@@ ++From 2d51a06458d4fb771dca34966cf2d19c6820ce61 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Thu, 21 Jan 2016 15:37:08 +0000 ++Subject: [PATCH] Cutthrough: Fix bug with dot-only line ++ JH/38 Fix cutthrough bug with body lines having a single dot. The dot was ++ incorrectly not doubled on cutthrough transmission, hence seen as a ++ body-termination at the receiving system - resulting in truncated mails. ++ Commonly the sender saw a TCP-level error, and retransmitted the nessage ++ via the normal store-and-forward channel. This could result in duplicates ++ received - but deduplicating mailstores were liable to retain only the ++ initial truncated version. ++ (cherry picked from commit 1bc460a64a0de0766d21f4f8660c6597bc410cbc) ++ ++--- exim4-4.84.2.orig/src/receive.c +++++ exim4-4.84.2/src/receive.c ++@@ -838,7 +838,15 @@ while ((ch = (receive_getc)()) != EOF) ++ ch_state = 4; ++ continue; ++ } ++- ch_state = 1; /* The dot itself is removed */ +++ /* The dot was removed at state 3. For a doubled dot, here, reinstate +++ it to cutthrough. The current ch, dot or not, is passed both to cutthrough +++ and to file below. */ +++ if (ch == '.') +++ { +++ uschar c= ch; +++ (void) cutthrough_puts(&c, 1); +++ } +++ ch_state = 1; ++ break; ++ ++ case 4: /* After [CR] LF . CR */ diff --cc debian/patches/91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch index 0000000,0000000..4fe11db new file mode 100644 --- /dev/null +++ b/debian/patches/91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch @@@ -1,0 -1,0 +1,45 @@@ ++From 9dc2b215e83a63efa242f6acd3ab7af8b608e5a1 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Mon, 11 Jan 2016 15:50:22 +0000 ++Subject: [PATCH] Expansions: Fix crash in crypteq: On OpenBSD a bad second-arg ++ results in an error-return from crypt(). Errorcheck that return. ++ ++--- ++ src/expand.c | 14 +++++++++++--- ++ 1 file changed, 11 insertions(+), 3 deletions(-) ++ ++diff --git a/src/expand.c b/src/expand.c ++index f144a75..2966c22 100644 ++--- a/src/expand.c +++++ b/src/expand.c ++@@ -2791,7 +2791,7 @@ switch(cond_type) ++ #define XSTR(s) STR(s) ++ DEBUG(D_auth) debug_printf("crypteq: using %s()\n" ++ " subject=%s\n crypted=%s\n", ++- (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16", +++ which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16", ++ coded, sub[1]); ++ #undef STR ++ #undef XSTR ++@@ -2800,8 +2800,16 @@ switch(cond_type) ++ salt), force failure. Otherwise we get false positives: with an empty ++ string the yield of crypt() is an empty string! */ ++ ++- tempcond = (Ustrlen(sub[1]) < 2)? FALSE : ++- (Ustrcmp(coded, sub[1]) == 0); +++ if (coded) +++ tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0; +++ else if (errno == EINVAL) +++ tempcond = FALSE; +++ else +++ { +++ expand_string_message = string_sprintf("crypt error: %s\n", +++ US strerror(errno)); +++ return NULL; +++ } ++ } ++ break; ++ #endif /* SUPPORT_CRYPTEQ */ ++-- ++2.8.0.rc3 ++ diff --cc debian/patches/92_CVE-2016-1238.diff index 0000000,0000000..fbabd0d new file mode 100644 --- /dev/null +++ b/debian/patches/92_CVE-2016-1238.diff @@@ -1,0 -1,0 +1,11 @@@ ++--- a/src/eximstats.src 2016-07-24 22:29:53.000000000 +0100 +++++ b/src/eximstats.src 2016-07-24 22:33:49.763365395 +0100 ++@@ -550,6 +550,8 @@ ++ ++ =cut ++ +++BEGIN { pop @INC if $INC[-1] eq '.' } +++ ++ use integer; ++ use strict; ++ use IO::File; diff --cc debian/patches/93_CVE-2016-9963-Fix-DKIM-information-leakage.patch index 0000000,0000000..1b8528f new file mode 100644 --- /dev/null +++ b/debian/patches/93_CVE-2016-9963-Fix-DKIM-information-leakage.patch @@@ -1,0 -1,0 +1,45 @@@ ++From be2b8e517f4946d2ad0cb0100e7b078cb4d9b65f Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Fri, 16 Dec 2016 20:36:39 +0000 ++Subject: [PATCH 1/2] Fix DKIM information leakage ++ ++--- ++ ++--- a/src/dkim.c +++++ b/src/dkim.c ++@@ -521,6 +521,8 @@ uschar *dkim_exim_sign(int dkim_fd, ++ (char *)dkim_private_key_expanded ++ ); ++ +++ dkim_private_key_expanded[0] = '\0'; +++ ++ pdkim_set_debug_stream(ctx,debug_file); ++ ++ pdkim_set_optional(ctx, ++--- a/src/transports/smtp.c +++++ b/src/transports/smtp.c ++@@ -282,6 +282,7 @@ static uschar *rf_names[] = { "NEVER", " ++ static uschar *smtp_command; /* Points to last cmd for error messages */ ++ static uschar *mail_command; /* Points to MAIL cmd for error messages */ ++ static BOOL update_waiting; /* TRUE to update the "wait" database */ +++static uschar *data_command = US""; /* Points to DATA cmd for error messages */ ++ ++ ++ /************************************************* ++@@ -1951,6 +1952,7 @@ if (ok || (smtp_use_pipelining && !mua_w ++ case -1: goto END_OFF; /* Timeout on RCPT */ ++ default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */ ++ } +++ data_command = string_copy(big_buffer); /* Save for later error message */ ++ } ++ ++ /* Save the first address of the next batch. */ ++@@ -2136,7 +2138,7 @@ if (!ok) ok = TRUE; else ++ #else ++ "LMTP error after %s: %s", ++ #endif ++- big_buffer, string_printing(buffer)); +++ data_command, string_printing(buffer)); ++ setflag(addr, af_pass_message); /* Allow message to go to user */ ++ if (buffer[0] == '5') ++ addr->transport_return = FAIL; diff --cc debian/patches/94_Fix-memory-leak-on-Gnu-TLS-close.patch index 0000000,0000000..c6456d9 new file mode 100644 --- /dev/null +++ b/debian/patches/94_Fix-memory-leak-on-Gnu-TLS-close.patch @@@ -1,0 -1,0 +1,52 @@@ ++From 867e8fe25dbfb1e31493488ad695bde55b890397 Mon Sep 17 00:00:00 2001 ++From: "Heiko Schlittermann (HS12-RIPE)" ++Date: Wed, 23 Nov 2016 12:02:26 +0100 ++Subject: [PATCH] Fix memory leak on (Gnu)TLS close. ++ ++This leak doesn't show up under normal operation, as the process ++normally dies right after closing the session. ++ ++But during callout repetitive TLS sessions are opened and closed from ++the same process (the process receiving the message). Depending on ++the amount of RAM and the number of callouts the same process does, ++this may be a problem. (On an amd64 machine with 4GB RAM, at about 1000 ++recipients the memory is exhausted.) ++ ++(cherry picked from commit ed62aae3051c9a713d35c8ae516fbd193d1401ba) ++--- ++ src/tls-gnu.c | 5 +++++ ++ 1 file changed, 5 insertions(+) ++ ++diff --git a/src/tls-gnu.c b/src/tls-gnu.c ++index 61ed0e81..670f8cbc 100644 ++--- a/src/tls-gnu.c +++++ b/src/tls-gnu.c ++@@ -1729,6 +1729,7 @@ if (rc != GNUTLS_E_SUCCESS) ++ ++ if (!sigalrm_seen) ++ { +++ gnutls_certificate_free_credentials(state->x509_cred); ++ (void)fclose(smtp_out); ++ (void)fclose(smtp_in); ++ } ++@@ -2014,6 +2015,8 @@ if (shutdown) ++ } ++ ++ gnutls_deinit(state->session); +++gnutls_certificate_free_credentials(state->x509_cred); +++ ++ ++ state->tlsp->active = -1; ++ memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init)); ++@@ -2074,6 +2077,8 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) ++ receive_smtp_buffered = smtp_buffered; ++ ++ gnutls_deinit(state->session); +++ gnutls_certificate_free_credentials(state->x509_cred); +++ ++ state->session = NULL; ++ state->tlsp->active = -1; ++ state->tlsp->bits = 0; ++-- ++2.11.0 ++ diff --cc debian/patches/series index 7e55c37,0000000..872a01c mode 100644,000000..100644 --- a/debian/patches/series +++ b/debian/patches/series @@@ -1,15 -1,0 +1,26 @@@ +31_eximmanpage.dpatch +32_exim4.dpatch +33_eximon.binary.dpatch +34_eximstatsmanpage.dpatch +35_install.dpatch +50_localscan_dlopen.dpatch +60_convert4r4.dpatch +66_enlarge-dh-parameters-size.dpatch +67_unnecessaryCopt.diff +70_remove_exim-users_references.dpatch +80_mime_empty_charset.diff +81_buffer-overrun-in-spam-acl.diff +82_quoted-or-r-2047-encoded.diff +83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch +84_Fix-truncation-of-items-in-headers_remove-lists-this.patch ++85_Fix-crash-in-mime-acl-when-a-parameter-is-unterminat.patch ++86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch ++87_Fix-transport-results-pipe-for-multiple-recipients-c.patch ++89_01_only_warn_on_nonempty_environment.diff ++89_01_p_Delay-chdir-until-we-opened-the-main-config.patch ++89_02_Store-the-initial-working-directory.diff ++90_Cutthrough-Fix-bug-with-dot-only-line.patch ++91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch ++92_CVE-2016-1238.diff ++93_CVE-2016-9963-Fix-DKIM-information-leakage.patch ++94_Fix-memory-leak-on-Gnu-TLS-close.patch